@mitre/hdf-schema 3.0.0 → 3.1.0-rc.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. package/LICENSE.md +55 -0
  2. package/README.md +96 -41
  3. package/dist/go/hdf.go +148 -104
  4. package/dist/helpers.js +4 -44
  5. package/dist/index.d.ts +26 -1
  6. package/dist/index.js +26 -1
  7. package/dist/schemas/hdf-amendments.schema.json +178 -53
  8. package/dist/schemas/hdf-baseline.schema.json +181 -56
  9. package/dist/schemas/hdf-comparison.schema.json +523 -108
  10. package/dist/schemas/hdf-evidence-package.schema.json +175 -50
  11. package/dist/schemas/hdf-plan.schema.json +181 -56
  12. package/dist/schemas/hdf-results.schema.json +502 -87
  13. package/dist/schemas/hdf-system.schema.json +190 -65
  14. package/dist/ts/hdf-amendments.d.ts +43 -15
  15. package/dist/ts/hdf-amendments.js +18 -7
  16. package/dist/ts/hdf-amendments.ts +44 -15
  17. package/dist/ts/hdf-results.d.ts +91 -37
  18. package/dist/ts/hdf-results.js +40 -20
  19. package/dist/ts/hdf-results.ts +91 -36
  20. package/package.json +44 -44
  21. package/dist/python/hdf_amendments.py +0 -695
  22. package/dist/python/hdf_baseline.py +0 -782
  23. package/dist/python/hdf_comparison.py +0 -1771
  24. package/dist/python/hdf_evidence_package.py +0 -593
  25. package/dist/python/hdf_plan.py +0 -363
  26. package/dist/python/hdf_results.py +0 -2163
  27. package/dist/python/hdf_system.py +0 -904
  28. package/src/schemas/hdf-amendments.schema.json +0 -97
  29. package/src/schemas/hdf-baseline.schema.json +0 -190
  30. package/src/schemas/hdf-comparison.schema.json +0 -107
  31. package/src/schemas/hdf-evidence-package.schema.json +0 -227
  32. package/src/schemas/hdf-plan.schema.json +0 -92
  33. package/src/schemas/hdf-results.schema.json +0 -304
  34. package/src/schemas/hdf-system.schema.json +0 -136
  35. package/src/schemas/primitives/amendments.schema.json +0 -155
  36. package/src/schemas/primitives/common.schema.json +0 -814
  37. package/src/schemas/primitives/comparison.schema.json +0 -809
  38. package/src/schemas/primitives/component.schema.json +0 -518
  39. package/src/schemas/primitives/data-flow.schema.json +0 -158
  40. package/src/schemas/primitives/extensions.schema.json +0 -342
  41. package/src/schemas/primitives/parameter.schema.json +0 -128
  42. package/src/schemas/primitives/plan.schema.json +0 -128
  43. package/src/schemas/primitives/platform.schema.json +0 -32
  44. package/src/schemas/primitives/result.schema.json +0 -133
  45. package/src/schemas/primitives/runner.schema.json +0 -83
  46. package/src/schemas/primitives/statistics.schema.json +0 -71
  47. package/src/schemas/primitives/system.schema.json +0 -132
  48. package/src/schemas/primitives/target.schema.json +0 -523
package/src/schemas/primitives/comparison.schema.json DELETED
@@ -1,809 +0,0 @@
1
- {
2
- "$schema": "https://json-schema.org/draft/2020-12/schema",
3
- "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/comparison/v1.0.0",
4
- "title": "HDF Comparison Primitives",
5
- "description": "Types for representing structured comparisons between HDF security assessment documents.",
6
- "$defs": {
7
- "Requirement_State": {
8
- "type": "string",
9
- "enum": [
10
- "new",
11
- "absent",
12
- "unchanged",
13
- "updated",
14
- "fixed",
15
- "regressed",
16
- "moved",
17
- "split",
18
- "merged"
19
- ],
20
- "description": "SARIF-compatible vocabulary extended for security. 'new' = present only in new source, 'absent' = present only in old, 'unchanged' = same effective status, 'updated' = status changed (generic), 'fixed' = was failing now passing, 'regressed' = was passing now failing, 'moved' = reorganized same content, 'split'/'merged' = reserved for v1.1.",
21
- "title": "Requirement State"
22
- },
23
- "Change_Reason": {
24
- "type": "string",
25
- "enum": [
26
- "resultChanged",
27
- "overrideAdded",
28
- "overrideExpired",
29
- "overrideRemoved",
30
- "overrideModified",
31
- "impactChanged",
32
- "baselineUpgraded",
33
- "controlMapped",
34
- "scannerChanged",
35
- "targetChanged",
36
- "configChanged",
37
- "metadataChanged"
38
- ],
39
- "description": "The reason a requirement's state changed between sources.",
40
- "title": "Change Reason"
41
- },
42
- "Comparison_Mode": {
43
- "type": "string",
44
- "enum": [
45
- "temporal",
46
- "baseline",
47
- "fleet",
48
- "multiSource",
49
- "baselineEvolution",
50
- "systemDrift"
51
- ],
52
- "description": "The mode of comparison. 'temporal' compares the same target over time. 'baseline' compares against a golden reference. 'fleet' compares across multiple systems. 'multiSource' compares outputs from different scanners. 'baselineEvolution' compares two baseline documents to detect requirement changes between versions. 'systemDrift' compares two system documents to detect component-level changes.",
53
- "title": "Comparison Mode"
54
- },
55
- "Source_Role": {
56
- "type": "string",
57
- "enum": [
58
- "old",
59
- "new",
60
- "golden",
61
- "reference",
62
- "system"
63
- ],
64
- "description": "The role of a source document in the comparison.",
65
- "title": "Source Role"
66
- },
67
- "Original_Format": {
68
- "type": "string",
69
- "enum": [
70
- "hdf-v2",
71
- "inspec-v1",
72
- "sarif",
73
- "oscal-ar",
74
- "xccdf"
75
- ],
76
- "description": "The original format of the source document before conversion to HDF.",
77
- "title": "Original Format"
78
- },
79
- "Match_Strategy": {
80
- "type": "string",
81
- "enum": [
82
- "exactId",
83
- "mappedId",
84
- "cciMatch",
85
- "nistMatch",
86
- "fuzzyTitle",
87
- "fuzzyContent"
88
- ],
89
- "description": "The strategy used to match requirements across sources. 'exactId' matches by identical IDs. 'mappedId' uses an ID mapping table. 'cciMatch'/'nistMatch' match by framework identifiers. 'fuzzyTitle'/'fuzzyContent' use text similarity.",
90
- "title": "Match Strategy"
91
- },
92
- "Conflict_Resolution": {
93
- "type": "string",
94
- "enum": [
95
- "mostSevere",
96
- "mostRecent",
97
- "manual",
98
- "unresolved"
99
- ],
100
- "description": "How a conflict between multiple scanner results was resolved.",
101
- "title": "Conflict Resolution"
102
- },
103
- "Annotation_Category": {
104
- "type": "string",
105
- "enum": [
106
- "remediation",
107
- "drift",
108
- "waiver",
109
- "baselineChange",
110
- "scannerNote"
111
- ],
112
- "description": "The category of an annotation attached to a comparison.",
113
- "title": "Annotation Category"
114
- },
115
- "Field_Change": {
116
- "type": "object",
117
- "unevaluatedProperties": false,
118
- "required": [
119
- "op",
120
- "path"
121
- ],
122
- "properties": {
123
- "op": {
124
- "type": "string",
125
- "enum": [
126
- "add",
127
- "remove",
128
- "replace"
129
- ],
130
- "description": "The type of change operation."
131
- },
132
- "path": {
133
- "type": "string",
134
- "description": "JSON Pointer path to the changed field."
135
- },
136
- "oldValue": {
137
- "description": "The previous value of the field (for 'remove' and 'replace' operations)."
138
- },
139
- "newValue": {
140
- "description": "The new value of the field (for 'add' and 'replace' operations)."
141
- }
142
- },
143
- "description": "A single field-level change between two versions of a requirement.",
144
- "title": "Field Change"
145
- },
146
- "Source": {
147
- "type": "object",
148
- "unevaluatedProperties": false,
149
- "required": [
150
- "role",
151
- "label"
152
- ],
153
- "properties": {
154
- "role": {
155
- "$ref": "#/$defs/Source_Role",
156
- "description": "The role of this source in the comparison."
157
- },
158
- "label": {
159
- "type": "string",
160
- "description": "Human-readable label for this source. Example: 'Before remediation scan'."
161
- },
162
- "uri": {
163
- "type": "string",
164
- "format": "uri",
165
- "description": "URI pointing to the source document."
166
- },
167
- "originalFormat": {
168
- "$ref": "#/$defs/Original_Format",
169
- "description": "The original format of the source document before conversion to HDF."
170
- },
171
- "checksum": {
172
- "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v2.0.0#/$defs/Checksum",
173
- "description": "Cryptographic checksum of the source document for integrity verification."
174
- },
175
- "assessmentTimestamp": {
176
- "type": "string",
177
- "format": "date-time",
178
- "description": "When the source assessment was performed. ISO 8601 format."
179
- },
180
- "tool": {
181
- "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/extensions/v2.0.0#/$defs/Tool",
182
- "description": "The security tool that produced the assessment data in this source."
183
- },
184
- "components": {
185
- "type": "array",
186
- "items": {
187
- "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/component/v2.0.0#/$defs/Component"
188
- },
189
- "description": "The components assessed in this source."
190
- },
191
- "baselineRef": {
192
- "type": "object",
193
- "unevaluatedProperties": false,
194
- "required": [
195
- "name"
196
- ],
197
- "properties": {
198
- "name": {
199
- "type": "string",
200
- "description": "Name of the baseline used in this source."
201
- },
202
- "version": {
203
- "type": "string",
204
- "description": "Version of the baseline used in this source."
205
- }
206
- },
207
- "description": "Reference to the baseline used in this source assessment."
208
- }
209
- },
210
- "description": "A source document participating in the comparison.",
211
- "title": "Source"
212
- },
213
- "Matching_Config": {
214
- "type": "object",
215
- "unevaluatedProperties": false,
216
- "required": [
217
- "primaryStrategy"
218
- ],
219
- "properties": {
220
- "primaryStrategy": {
221
- "$ref": "#/$defs/Match_Strategy",
222
- "description": "The primary strategy used to match requirements across sources."
223
- },
224
- "fallbackStrategies": {
225
- "type": "array",
226
- "items": {
227
- "$ref": "#/$defs/Match_Strategy"
228
- },
229
- "description": "Ordered list of fallback strategies tried when the primary strategy fails to find a match."
230
- },
231
- "minimumConfidence": {
232
- "type": "number",
233
- "minimum": 0,
234
- "maximum": 1,
235
- "description": "Minimum confidence score (0-1) required to accept a match."
236
- },
237
- "mappingTableUri": {
238
- "type": "string",
239
- "format": "uri",
240
- "description": "URI pointing to an external mapping table used for ID translation."
241
- },
242
- "fingerprintFields": {
243
- "type": "array",
244
- "items": {
245
- "type": "string"
246
- },
247
- "description": "Fields used to compute a fingerprint for fuzzy matching."
248
- }
249
- },
250
- "description": "Configuration for how requirements are matched across sources.",
251
- "title": "Matching Config"
252
- },
253
- "State_Counts": {
254
- "type": "object",
255
- "unevaluatedProperties": false,
256
- "properties": {
257
- "fixed": {
258
- "type": "integer",
259
- "minimum": 0,
260
- "description": "Number of requirements that changed from failing to passing."
261
- },
262
- "regressed": {
263
- "type": "integer",
264
- "minimum": 0,
265
- "description": "Number of requirements that changed from passing to failing."
266
- },
267
- "new": {
268
- "type": "integer",
269
- "minimum": 0,
270
- "description": "Number of requirements present only in the new source."
271
- },
272
- "absent": {
273
- "type": "integer",
274
- "minimum": 0,
275
- "description": "Number of requirements present only in the old source."
276
- },
277
- "unchanged": {
278
- "type": "integer",
279
- "minimum": 0,
280
- "description": "Number of requirements with the same effective status."
281
- },
282
- "updated": {
283
- "type": "integer",
284
- "minimum": 0,
285
- "description": "Number of requirements with a generic status change."
286
- },
287
- "moved": {
288
- "type": "integer",
289
- "minimum": 0,
290
- "description": "Number of requirements that were reorganized without content change."
291
- }
292
- },
293
- "description": "Counts of requirements in each state.",
294
- "title": "State Counts"
295
- },
296
- "Severity_Breakdown": {
297
- "type": "object",
298
- "unevaluatedProperties": false,
299
- "properties": {
300
- "critical": {
301
- "$ref": "#/$defs/State_Counts",
302
- "description": "State counts for critical severity requirements."
303
- },
304
- "high": {
305
- "$ref": "#/$defs/State_Counts",
306
- "description": "State counts for high severity requirements."
307
- },
308
- "medium": {
309
- "$ref": "#/$defs/State_Counts",
310
- "description": "State counts for medium severity requirements."
311
- },
312
- "low": {
313
- "$ref": "#/$defs/State_Counts",
314
- "description": "State counts for low severity requirements."
315
- }
316
- },
317
- "description": "Breakdown of state counts by severity level.",
318
- "title": "Severity Breakdown"
319
- },
320
- "Per_Source_Summary": {
321
- "type": "object",
322
- "unevaluatedProperties": false,
323
- "required": [
324
- "sourceIndex",
325
- "label"
326
- ],
327
- "properties": {
328
- "sourceIndex": {
329
- "type": "integer",
330
- "minimum": 0,
331
- "description": "Zero-based index into the sources array identifying which source this summary is for."
332
- },
333
- "label": {
334
- "type": "string",
335
- "description": "Human-readable label for this source."
336
- },
337
- "fixed": {
338
- "type": "integer",
339
- "minimum": 0,
340
- "description": "Number of requirements that changed from failing to passing."
341
- },
342
- "regressed": {
343
- "type": "integer",
344
- "minimum": 0,
345
- "description": "Number of requirements that changed from passing to failing."
346
- },
347
- "new": {
348
- "type": "integer",
349
- "minimum": 0,
350
- "description": "Number of requirements present only in the new source."
351
- },
352
- "absent": {
353
- "type": "integer",
354
- "minimum": 0,
355
- "description": "Number of requirements present only in the old source."
356
- },
357
- "unchanged": {
358
- "type": "integer",
359
- "minimum": 0,
360
- "description": "Number of requirements with the same effective status."
361
- },
362
- "updated": {
363
- "type": "integer",
364
- "minimum": 0,
365
- "description": "Number of requirements with a generic status change."
366
- },
367
- "moved": {
368
- "type": "integer",
369
- "minimum": 0,
370
- "description": "Number of requirements that were reorganized without content change."
371
- }
372
- },
373
- "description": "Summary statistics for a single source in a multi-source comparison.",
374
- "title": "Per Source Summary"
375
- },
376
- "Comparison_Summary": {
377
- "type": "object",
378
- "unevaluatedProperties": false,
379
- "required": [
380
- "total",
381
- "matchedCount",
382
- "unmatchedOldCount",
383
- "unmatchedNewCount"
384
- ],
385
- "properties": {
386
- "total": {
387
- "type": "integer",
388
- "minimum": 0,
389
- "description": "Total number of unique requirements across all sources."
390
- },
391
- "matchedCount": {
392
- "type": "integer",
393
- "minimum": 0,
394
- "description": "Number of requirements successfully matched between sources."
395
- },
396
- "unmatchedOldCount": {
397
- "type": "integer",
398
- "minimum": 0,
399
- "description": "Number of requirements in the old source with no match in the new source."
400
- },
401
- "unmatchedNewCount": {
402
- "type": "integer",
403
- "minimum": 0,
404
- "description": "Number of requirements in the new source with no match in the old source."
405
- },
406
- "new": {
407
- "type": "integer",
408
- "minimum": 0,
409
- "description": "Number of requirements present only in the new source."
410
- },
411
- "absent": {
412
- "type": "integer",
413
- "minimum": 0,
414
- "description": "Number of requirements present only in the old source."
415
- },
416
- "unchanged": {
417
- "type": "integer",
418
- "minimum": 0,
419
- "description": "Number of requirements with the same effective status."
420
- },
421
- "updated": {
422
- "type": "integer",
423
- "minimum": 0,
424
- "description": "Number of requirements with a generic status change."
425
- },
426
- "fixed": {
427
- "type": "integer",
428
- "minimum": 0,
429
- "description": "Number of requirements that changed from failing to passing."
430
- },
431
- "regressed": {
432
- "type": "integer",
433
- "minimum": 0,
434
- "description": "Number of requirements that changed from passing to failing."
435
- },
436
- "moved": {
437
- "type": "integer",
438
- "minimum": 0,
439
- "description": "Number of requirements that were reorganized without content change."
440
- },
441
- "oldCompliancePercent": {
442
- "type": "number",
443
- "description": "Compliance percentage of the old source (0-100)."
444
- },
445
- "newCompliancePercent": {
446
- "type": "number",
447
- "description": "Compliance percentage of the new source (0-100)."
448
- },
449
- "complianceDelta": {
450
- "type": "number",
451
- "description": "Change in compliance percentage (new - old)."
452
- },
453
- "averageMatchConfidence": {
454
- "type": "number",
455
- "minimum": 0,
456
- "maximum": 1,
457
- "description": "Average confidence score across all requirement matches (0-1)."
458
- },
459
- "bySeverity": {
460
- "$ref": "#/$defs/Severity_Breakdown",
461
- "description": "State counts broken down by severity level."
462
- },
463
- "perSource": {
464
- "type": "array",
465
- "items": {
466
- "$ref": "#/$defs/Per_Source_Summary"
467
- },
468
- "description": "Summary statistics for each individual source in a multi-source comparison."
469
- }
470
- },
471
- "description": "Summary statistics for the overall comparison.",
472
- "title": "Comparison Summary"
473
- },
474
- "Baseline_Diff": {
475
- "type": "object",
476
- "unevaluatedProperties": false,
477
- "required": [
478
- "name",
479
- "state"
480
- ],
481
- "properties": {
482
- "name": {
483
- "type": "string",
484
- "description": "Name of the baseline being compared."
485
- },
486
- "state": {
487
- "type": "string",
488
- "enum": [
489
- "new",
490
- "absent",
491
- "unchanged",
492
- "updated"
493
- ],
494
- "description": "The state of this baseline in the comparison."
495
- },
496
- "oldVersion": {
497
- "type": "string",
498
- "description": "Version of the baseline in the old source."
499
- },
500
- "newVersion": {
501
- "type": "string",
502
- "description": "Version of the baseline in the new source."
503
- },
504
- "mappingSource": {
505
- "type": "string",
506
- "description": "The source of any ID mapping used to correlate requirements across baseline versions."
507
- }
508
- },
509
- "description": "Comparison of a baseline between sources.",
510
- "title": "Baseline Diff"
511
- },
512
- "Component_Diff": {
513
- "type": "object",
514
- "unevaluatedProperties": false,
515
- "required": [
516
- "name",
517
- "state"
518
- ],
519
- "properties": {
520
- "name": {
521
- "type": "string",
522
- "description": "Component name used for matching across system versions."
523
- },
524
- "state": {
525
- "type": "string",
526
- "enum": [
527
- "new",
528
- "absent",
529
- "unchanged",
530
- "updated"
531
- ],
532
- "description": "The state of this component in the comparison."
533
- },
534
- "before": {
535
- "description": "Component snapshot from the old system document."
536
- },
537
- "after": {
538
- "description": "Component snapshot from the new system document."
539
- },
540
- "fieldChanges": {
541
- "type": "array",
542
- "items": {
543
- "$ref": "#/$defs/Field_Change"
544
- },
545
- "description": "Detailed field-level changes between the before and after component snapshots."
546
- }
547
- },
548
- "description": "Comparison of a single component between two system document versions.",
549
- "title": "Component Diff"
550
- },
551
- "Package_Diff": {
552
- "type": "object",
553
- "unevaluatedProperties": false,
554
- "required": [
555
- "purl",
556
- "state"
557
- ],
558
- "properties": {
559
- "purl": {
560
- "type": "string",
561
- "description": "Package URL (purl) used as the identity key for matching across SBOMs."
562
- },
563
- "name": {
564
- "type": "string",
565
- "description": "Human-readable package name."
566
- },
567
- "state": {
568
- "type": "string",
569
- "enum": [
570
- "added",
571
- "removed",
572
- "updated",
573
- "unchanged"
574
- ],
575
- "description": "The state of this package: added (new in new SBOM), removed (absent from new SBOM), updated (version changed), unchanged."
576
- },
577
- "oldVersion": {
578
- "type": "string",
579
- "description": "Package version in the old SBOM."
580
- },
581
- "newVersion": {
582
- "type": "string",
583
- "description": "Package version in the new SBOM."
584
- },
585
- "licenses": {
586
- "type": "array",
587
- "items": { "type": "string" },
588
- "description": "License identifiers for this package."
589
- }
590
- },
591
- "description": "Comparison of a single package between two SBOM versions, matched by purl.",
592
- "title": "Package Diff"
593
- },
594
- "Scanner_Conflict": {
595
- "type": "object",
596
- "unevaluatedProperties": false,
597
- "required": [
598
- "field",
599
- "values"
600
- ],
601
- "properties": {
602
- "field": {
603
- "type": "string",
604
- "description": "The field where the conflict occurs."
605
- },
606
- "values": {
607
- "type": "array",
608
- "items": {
609
- "type": "object",
610
- "unevaluatedProperties": false,
611
- "required": [
612
- "sourceIndex",
613
- "sourceLabel",
614
- "value"
615
- ],
616
- "properties": {
617
- "sourceIndex": {
618
- "type": "integer",
619
- "minimum": 0,
620
- "description": "Zero-based index into the sources array."
621
- },
622
- "sourceLabel": {
623
- "type": "string",
624
- "description": "Human-readable label for the source."
625
- },
626
- "value": {
627
- "description": "The value reported by this source for the conflicting field."
628
- }
629
- }
630
- },
631
- "description": "The conflicting values from each source."
632
- },
633
- "resolvedIndex": {
634
- "type": "integer",
635
- "minimum": 0,
636
- "description": "Index of the source whose value was chosen as the resolution."
637
- },
638
- "resolution": {
639
- "$ref": "#/$defs/Conflict_Resolution",
640
- "description": "How the conflict was resolved."
641
- }
642
- },
643
- "description": "A conflict between scanner results for the same requirement.",
644
- "title": "Scanner Conflict"
645
- },
646
- "Annotation": {
647
- "type": "object",
648
- "unevaluatedProperties": false,
649
- "required": [
650
- "label"
651
- ],
652
- "properties": {
653
- "label": {
654
- "type": "string",
655
- "description": "Human-readable label for this annotation."
656
- },
657
- "description": {
658
- "type": "string",
659
- "description": "Detailed description of the annotation."
660
- },
661
- "category": {
662
- "$ref": "#/$defs/Annotation_Category",
663
- "description": "The category of this annotation."
664
- },
665
- "needsConfirmation": {
666
- "type": "boolean",
667
- "description": "Whether this annotation requires human confirmation before acting on it."
668
- }
669
- },
670
- "description": "An annotation attached to a comparison, providing context or action items.",
671
- "title": "Annotation"
672
- },
673
- "Requirement_Diff": {
674
- "type": "object",
675
- "unevaluatedProperties": false,
676
- "required": [
677
- "id",
678
- "state",
679
- "changeReasons",
680
- "before",
681
- "after",
682
- "fieldChanges"
683
- ],
684
- "properties": {
685
- "id": {
686
- "type": "string",
687
- "description": "The canonical requirement identifier used for this diff."
688
- },
689
- "state": {
690
- "$ref": "#/$defs/Requirement_State",
691
- "description": "The state of this requirement in the comparison."
692
- },
693
- "changeReasons": {
694
- "type": "array",
695
- "items": {
696
- "$ref": "#/$defs/Change_Reason"
697
- },
698
- "description": "The reasons for the state change."
699
- },
700
- "before": {
701
- "oneOf": [
702
- {
703
- "$ref": "https://mitre.github.io/hdf-libs/schemas/hdf-results/v2.0.0#/$defs/Evaluated_Requirement"
704
- },
705
- {
706
- "type": "null"
707
- }
708
- ],
709
- "description": "The requirement as it appeared in the old/reference source. Null when state is 'new'."
710
- },
711
- "after": {
712
- "oneOf": [
713
- {
714
- "$ref": "https://mitre.github.io/hdf-libs/schemas/hdf-results/v2.0.0#/$defs/Evaluated_Requirement"
715
- },
716
- {
717
- "type": "null"
718
- }
719
- ],
720
- "description": "The requirement as it appeared in the new source. Null when state is 'absent'."
721
- },
722
- "fieldChanges": {
723
- "type": "array",
724
- "items": {
725
- "$ref": "#/$defs/Field_Change"
726
- },
727
- "description": "Detailed field-level changes between the before and after versions."
728
- },
729
- "oldId": {
730
- "type": "string",
731
- "description": "The requirement ID in the old source, if different from the canonical id."
732
- },
733
- "newId": {
734
- "type": "string",
735
- "description": "The requirement ID in the new source, if different from the canonical id."
736
- },
737
- "title": {
738
- "type": "string",
739
- "description": "The requirement title for human readability."
740
- },
741
- "oldEffectiveStatus": {
742
- "type": "string",
743
- "description": "The effective status of the requirement in the old source."
744
- },
745
- "newEffectiveStatus": {
746
- "type": "string",
747
- "description": "The effective status of the requirement in the new source."
748
- },
749
- "oldImpact": {
750
- "type": "number",
751
- "minimum": 0,
752
- "maximum": 1,
753
- "description": "The impact score of the requirement in the old source (0-1)."
754
- },
755
- "newImpact": {
756
- "type": "number",
757
- "minimum": 0,
758
- "maximum": 1,
759
- "description": "The impact score of the requirement in the new source (0-1)."
760
- },
761
- "matchStrategy": {
762
- "$ref": "#/$defs/Match_Strategy",
763
- "description": "The strategy that was used to match this requirement across sources."
764
- },
765
- "matchConfidence": {
766
- "type": "number",
767
- "minimum": 0,
768
- "maximum": 1,
769
- "description": "Confidence score for the match (0-1)."
770
- },
771
- "matchManual": {
772
- "type": "boolean",
773
- "description": "Whether the match was manually confirmed by a human."
774
- },
775
- "annotationIds": {
776
- "type": "array",
777
- "items": {
778
- "type": "string"
779
- },
780
- "description": "IDs of annotations attached to this requirement diff."
781
- },
782
- "sourceIndex": {
783
- "type": "integer",
784
- "minimum": 0,
785
- "description": "Index into the sources array for multi-source comparisons."
786
- },
787
- "conflicts": {
788
- "type": "array",
789
- "items": {
790
- "$ref": "#/$defs/Scanner_Conflict"
791
- },
792
- "description": "Conflicts between multiple scanner results for this requirement."
793
- },
794
- "beforeSensitive": {
795
- "type": "object",
796
- "additionalProperties": true,
797
- "description": "Sensitive data from the old source that should not be included in the main before snapshot."
798
- },
799
- "afterSensitive": {
800
- "type": "object",
801
- "additionalProperties": true,
802
- "description": "Sensitive data from the new source that should not be included in the main after snapshot."
803
- }
804
- },
805
- "description": "A comparison of a single requirement between sources, including state, changes, and full before/after snapshots.",
806
- "title": "Requirement Diff"
807
- }
808
- }
809
- }