Add Ubuntu severity type to the schema and docs (#337)

dodys · oliverchang · web-flow · commit 10ada0bf62b7 · 2025-03-03T11:08:57.000+11:00
Relates to issue #323 --------- Signed-off-by: Eduardo Barretto <eduardo.barretto@canonical.com> Signed-off-by: Eduardo Barretto <edusbarretto@gmail.com> Co-authored-by: Oliver Chang <oliverchang@users.noreply.github.com>
diff --git a/docs/schema.md b/docs/schema.md
@@ -629,6 +629,7 @@ describes the quantitative method used to calculate the associated `score`.
 | `CVSS_V2` | A CVSS vector string representing the unique characteristics and severity of the vulnerability using a version of the [Common Vulnerability Scoring System notation](https://www.first.org/cvss/v2/guide#Metric-Groups) that is == 2.0 (e.g.`"AV:L/AC:M/Au:N/C:N/I:P/A:C"`).|
 | `CVSS_V3` | A CVSS vector string representing the unique characteristics and severity of the vulnerability using a version of the [Common Vulnerability Scoring System notation](https://www.first.org/cvss/v3.0/specification-document#Vector-String) that is >= 3.0 and < 4.0 (e.g.`"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"`).|
 | `CVSS_V4` | A CVSS vector string representing the unique characteristics and severity of the vulnerability using a version on the [Common Vulnerability Scoring System notation](https://www.first.org/cvss/v4.0/specification-document#Vector-String) that is >= 4.0 and < 5.0 (e.g. `"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"`). |
+| `Ubuntu`  | A lowercased string representing the [Ubuntu priority](https://ubuntu.com/security/cves/about#priority). This is based on many factors including severity, importance, risk, estimated number of affected users, software configuration, active exploitation, and other factors.
 | Your quantitative severity type here. | [Send us a PR](https://github.com/ossf/osv-schema/compare). |
 
 ### severity[].score field
diff --git a/validation/schema.json b/validation/schema.json
@@ -393,7 +393,8 @@
             "enum": [
               "CVSS_V2",
               "CVSS_V3",
-              "CVSS_V4"
+              "CVSS_V4",
+              "Ubuntu"
             ]
           },
           "score": {
@@ -448,6 +449,28 @@
                 }
               }
             }
+          },
+          {
+            "if": {
+              "properties": {
+                "type": {
+                  "const": "Ubuntu"
+                }
+              }
+            },
+            "then": {
+              "properties": {
+                "score": {
+                  "enum": [
+                    "negligible",
+                    "low",
+                    "medium",
+                    "high",
+                    "critical"
+                  ]
+                }
+              }
+            }
           }
         ],
         "required": [
