Validate Findings with JSON Schema #518
Description
➹ New Feature implementation request
Describe the solution you'd like
Findings that are generated by SCB should be automatically validated so devs can rely on certain attributes existing, having specific types, matching a specific pattern, etc.
Additional context
A common format for specifying and validating JSON is JSON Schema. However, there exist many different versions (Drafts) to choose from.
As the SCB Project uses OpenAPI 3.0 to specify Resources in Kubernetes, we would like the JSON Schema to be compatible with the OpenAPI JSON Schema, which is basically JSON Schema Draft 05 with some changes. However, we could not find a JavaScript library that can validate the OpenAPI JSON Schema or JSON Schema Draft 05.
However, there exists a JavaScript library to convert JSON Schema Draft 04 to OpenAPI 3.0 and one that does it in reverse. Also, the biggest JavaScript library for validating JSON, Ajv, supports Draft 04.
Therefore, the SCB Findings Format should be specified in JSON Schema Draft 04.
- Create JSON Schema
- Validate in Unit Tests
- Validate in Integration Tests
Also, there are some issues with the results that are currently produced that will be tracked here:
- Findings don't always contain a location
- Findings locations should ideally be a URI/URL but are currently not. Example: "localhost"
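
An added example, not part of the original issue and not secureCodeBox code: a Draft-04-style schema for a finding, checked against constructed findings that reproduce the two tracked problems (missing location, and "localhost" as location). The field names, the id pattern and the severity values are assumptions, and a small hand-written checker for a subset of Draft 04 keywords stands in for Ajv so the block runs without dependencies.

```javascript
// Constructed Draft-04-style schema; field names are assumptions, not the SCB format.
const findingSchema = {
  $schema: "http://json-schema.org/draft-04/schema#",
  type: "object",
  required: ["id", "name", "severity", "location"],
  properties: {
    id: { type: "string", pattern: "^[0-9a-f-]{36}$" },
    name: { type: "string" },
    severity: { type: "string", enum: ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH"] },
    location: { type: "string", format: "uri" },
  },
};

// True when the value parses as an absolute URI with a scheme.
function isUri(value) {
  try { new URL(value); return true; } catch { return false; }
}

// Checks only: type (object/string), required, properties, pattern, enum, format "uri".
function validate(schema, data, path = "finding") {
  const errors = [];
  if (schema.type === "object") {
    if (data === null || typeof data !== "object" || Array.isArray(data)) {
      return [`${path}: expected object`];
    }
    for (const key of schema.required || []) {
      if (!(key in data)) errors.push(`${path}.${key}: required property missing`);
    }
    for (const [key, sub] of Object.entries(schema.properties || {})) {
      if (key in data) errors.push(...validate(sub, data[key], `${path}.${key}`));
    }
    return errors;
  }
  if (schema.type === "string") {
    if (typeof data !== "string") return [`${path}: expected string`];
    if (schema.pattern && !new RegExp(schema.pattern).test(data)) errors.push(`${path}: pattern mismatch`);
    if (schema.enum && !schema.enum.includes(data)) errors.push(`${path}: not an allowed value`);
    if (schema.format === "uri" && !isUri(data)) errors.push(`${path}: not a URI`);
  }
  return errors;
}

// Constructed sample findings.
const base = { id: "3f2b1c4d-0a9e-4b7c-8d6f-1e2a3b4c5d6e", name: "Open port", severity: "LOW" };
const samples = {
  ok: { ...base, location: "tcp://127.0.0.1:22" },
  noLocation: base,
  hostOnly: { ...base, location: "localhost" },
};
for (const [label, f] of Object.entries(samples)) console.log(label, validate(findingSchema, f));
```

A host:port string such as "localhost:8080" parses as a URI whose scheme is "localhost", so a format check alone will not reject it; a stricter schema would also constrain the allowed schemes.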