Experimental CSAF envelope and body profile validator.
Third party dependencies are documented in the folder third-party.
In short: The current version of the
csaf-lint validates documents in various
Common Security Advisory Framework (CSAF) formats against built-in
or user custom schema files.
The supported versions are:
- CSAF 2.0 (default is now the 2021.03.23 editor version)
- CSAF 1.2 (aka CVRF 1.2)
- CSAF 1.1 (aka CVRF 1.1)
- Expect changes to the CSAF v2.0 support because the underlying OASIS specification is undergoing development by the members of the OASIS technical committee. This may lead to breaking changes until the standard is published on committee specification level. The current supported draft JSON Schema versions are from 2021-03-23, 2021-03-19, and 2021-03-07.
- The previous versions namely CVRF 1.1 and 1.2 were in XML format.
- The current version CSAF 2.0-candidates are in JSON Schema format.
Available on PyPI as csaf-lint
Recommended installation of current experimental package:
❯ python -m pipx install csaf-lint
Any feature requests or bug reports shall go to the todos of csaf-lint.
Primary Source repository∞
The main source of
csaf-lint is on a mountain in central Switzerland.
We use distributed version control (git).
There is no central hub.
Every clone can become a new source for the benefit of all.
The preferred public clones of
- on codeberg - a democratic community-driven, non-profit software development platform operated by Codeberg e.V.
- at sourcehut - a collection of tools useful for software development.
Please do not submit "pull requests" (I found no way to disable that "feature" on GitHub). If you like to share small changes under the repositories license please kindly do so by sending a patchset. You can either send such a patchset per email using git send-email or if you are a sourcehut user by selecting "Prepare a patchset" on the summary page of your fork at sourcehut.