[feature] Include Vex Version into the Vex Schema

guacsec / guac

GUAC aggregates software security metadata into a high fidelity graph database.

https://guac.sh

Apache License 2.0

1.26k stars 165 forks source link

[feature] Include Vex Version into the Vex Schema #1259

Closed nathannaveen closed 12 months ago

nathannaveen commented 12 months ago

Update the Vex Schema to include Vex Version.

This issue is based on: https://github.com/guacsec/guac/pull/1241#discussion_r1322948966

The documentation of OpenVEX’s Version: https://github.com/openvex/spec/blob/main/OPENVEX-SPEC.md#document-struct-fields

Vex Schema:

https://github.com/guacsec/guac/blob/349527bff4c62a44d3a0c2ab9709e7437142c73b/pkg/assembler/clients/generated/operations.go#L20477-L20486

lumjjb commented 12 months ago

My thought is that this is similar to SPDX versions. In that case, we don't distinguish between document versions. I think it is reasonable that we decouple the meaning to the VEX minimum elements than to the document version.

pxp928 commented 12 months ago

Closing issue as no action required.