csaf-validator

Crates.iocsaf-validator
lib.rscsaf-validator
version0.3.1
created_at2025-06-20 12:25:43.33141+00
updated_at2025-11-27 10:40:12.121088+00
descriptionA validator for the CSAF standard written in Rust
homepage
repositoryhttps://github.com/csaf-rs/csaf
max_upload_size
id1719527
size37,049
(tschmidtb51)

documentation

README

csaf-rust

This repository is a reference implementation for the CSAF standard in Rust that relies on automatically generating CSAF document structs from the JSON schema.

This is work-in-progress.

Structure

  • csaf-validator contains a command line tool to validate CSAF documents.
  • csaf-rs contains the actual validator library which currently publishes a crate to crates.io. In the future there will be a WASM version published to NPM and also bindings to other languages via UniFFI.

Minimum required Rust version (MSRV)

1.85.1

Build

If you want to build csaf-validator on your own, please install Rust (see https://rustup.rs) and then run

# make sure submodules are up-to-date
git submodule init
git submodule update --remote

# make sure that local assets are in sync with git submodules
./update_assets.sh

# run the tests
cargo test

# build for release
cargo build --release

The final binary will be in target/release and can then be installed, for example, in a system-wide folder.

Build WASM Bindings

If you want to build the WASM bindings locally, install wasm-pack (make sure ~/.cargo/bin is in the path) and execute it:

cargo install wasm-pack
wasm-pack build csaf-rs --scope csaf-rs

This will create a JavaScript/TypeScript package in csaf-rs/pkg.

Usage

After building or downloading csaf-validator from the available releases, the usage is quite simple and additional help can be display using --help.

A validator for CSAF documents

Usage: csaf-validator [OPTIONS] <PATH>

Arguments:
  <PATH>  

Options:
  -c, --csaf-version <CSAF_VERSION>  Version of CSAF to use [default: 2.0]
  -p, --preset <PRESET>              The validation preset to use [default: basic]
  -t, --test-id <TEST_ID>            Run only the selected tests, may be specified multiple times
  -h, --help                         Print help
  -V, --version                      Print version

Some examples to use are included below. Please note that the validation is not yet fully implemented!

# validate a CSAF 2.0 document with profile basic (the default)
csaf-validator --csaf-version 2.0 my-csaf-2-0-document.json

# validate a CSAF 2.0 document with profile full
csaf-validator --csaf-version 2.0 --preset full my-csaf-2-0-document.json

# validate a CSAF 2.1 document with one specific test
csaf-validator --csaf-version 2.1 --test-id 6.1.34 my-csaf-2-1-document.json
Commit count: 0

cargo fmt