MobSF / mobsfscan

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.
GNU Lesser General Public License v3.0

Question - CVSS in config file #56

Closed u001157 closed 1 year ago

u001157 commented 1 year ago

Hello, I'm new to using this tool.

So I'd like to know if it's possible to configure the CVSS parameters in the configuration file. How does the tool make this calculation?

ajinabraham commented 1 year ago

We do not plan to support CVSS for the findings. CVSS should be calculated dynamically based on multiple factors.