Nix-Security-WG / nix-security-tracker

Web service for managing information on vulnerabilities in software distributed through Nixpkgs

Display the CVSS in suggestion data #290

Open fricklerhandwerk opened 4 weeks ago

fricklerhandwerk commented 4 weeks ago

As a security team member, I want to assess the severity of a CVE at a glance, and be able to inspect it in more detail.

Depends on:

erictapen commented 1 week ago

@fricklerhandwerk and I did a rough sketch for it. The base score is shown next to the CVE ID in the upper left-hand corner. By clicking on it, it unfolds into a table that displays the different components of the vector, including links to the documentation of the individual fields. For now we just screenshotted the explanations from nvd.nist.gov.

erictapen commented 6 days ago

What is this blocked by again?

fricklerhandwerk commented 6 days ago

@erictapen #330 -- there are some kinks in the data model. That we're missing out on 1/3 of available metadata because we're not parsing unparsed CVSS is not a hard blocker.

But that doesn't preclude building up the UI, it just precludes delivering the feature.
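
An added illustration of the two pieces discussed in this thread, the base score and the table of vector components that it unfolds into, and of what parsing a raw CVSS string involves. This is not code from nix-security-tracker or from the commenters: the function names are hypothetical, and it assumes CVSS v3.1 vectors carrying base metrics only, with weights and rounding taken from the CVSS v3.1 specification.

```python
import math

# Base metric names, value labels and weights from the CVSS v3.1 specification.
IMPACT = {"H": ("High", 0.56), "L": ("Low", 0.22), "N": ("None", 0.0)}
METRICS = {
    "AV": ("Attack Vector", {"N": ("Network", 0.85), "A": ("Adjacent", 0.62),
                             "L": ("Local", 0.55), "P": ("Physical", 0.2)}),
    "AC": ("Attack Complexity", {"L": ("Low", 0.77), "H": ("High", 0.44)}),
    "PR": ("Privileges Required", {"N": ("None", 0.85), "L": ("Low", 0.62), "H": ("High", 0.27)}),
    "UI": ("User Interaction", {"N": ("None", 0.85), "R": ("Required", 0.62)}),
    "S": ("Scope", {"U": ("Unchanged", None), "C": ("Changed", None)}),
    "C": ("Confidentiality", IMPACT), "I": ("Integrity", IMPACT), "A": ("Availability", IMPACT),
}

def parse_vector(vector):
    """Return {metric: value} for a v3.1 base vector; raise ValueError otherwise."""
    prefix, _, rest = vector.partition("/")
    if prefix != "CVSS:3.1":
        raise ValueError(f"unsupported version prefix: {prefix!r}")
    parsed = {}
    for part in rest.split("/"):
        key, _, value = part.partition(":")
        if key in parsed or value not in METRICS.get(key, ("", {}))[1]:
            raise ValueError(f"invalid or repeated metric: {part!r}")
        parsed[key] = value
    if parsed.keys() != METRICS.keys():
        raise ValueError(f"missing base metrics: {sorted(METRICS.keys() - parsed.keys())}")
    return parsed

def roundup(x):
    """Round up to one decimal as the spec defines, avoiding float artefacts."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0

def base_score(m):
    w = {k: METRICS[k][1][v][1] for k, v in m.items()}
    changed = m["S"] == "C"
    if changed:  # Privileges Required weighs more when scope changes
        w["PR"] = {"N": 0.85, "L": 0.68, "H": 0.5}[m["PR"]]
    iss = 1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"])
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    if impact <= 0:
        return 0.0
    total = impact + 8.22 * w["AV"] * w["AC"] * w["PR"] * w["UI"]
    return roundup(min(1.08 * total if changed else total, 10))

def component_rows(m):
    """Rows for the unfolded table: (abbreviation, metric name, value label)."""
    return [(k, name, values[m[k]][0]) for k, (name, values) in METRICS.items()]
```

Rejecting vectors that are malformed, repeat a metric, or omit one keeps a bad record from being displayed with a misleading score.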