Enhance malicious-package-report object with OSV credits, purl, and reference-type; bump version by adulau · Pull Request #519 · MISP/misp-objects

adulau · 2026-05-11T10:11:36Z

Enrich the malicious-package-report object to better capture OSV-origin metadata such as credits, reference kinds, and package URLs for improved attribution and correlation.
Clarify the analysis field to indicate common sourcing from OSV summaries and related contextual fields.
Bump the object version to reflect the backwards-incompatible schema additions.

Extended the analysis description to note that it is typically sourced from OSV summary/details and contextual fields.
Added credit and credit-role attributes to capture OSV credits[] entries and roles, with credit-role providing a sane_default list of common role values.
Added package-purl attribute to store the OSV package.purl for better cross-advisory correlation.
Added reference-type attribute to capture OSV references[].type values with a sane_default list, and bumped version from 1 to 4.

Ran JSON/schema validation for object definitions and repository linters against the modified definition.json, and the checks completed successfully.
No changes were made to existing unit tests, and no test failures were observed when validating the updated schema.

malicious-package-report: add sane defaults for credit roles

25d505f

adulau added the codex label May 11, 2026 — with ChatGPT Codex Connector

adulau merged commit 7655f0b into main May 11, 2026
2 of 7 checks passed

Provide feedback