feat(vulnsrc/nvd): add CVSS v4.0

aquasecurity / trivy-db

Apache License 2.0

215 stars 131 forks source link

feat(vulnsrc/nvd): add CVSS v4.0 #414

Closed MaineK00n closed 2 months ago

MaineK00n commented 2 months ago

Description

Supports NVD CVSS V4.0 Schema with Trivy DB. https://github.com/aquasecurity/vuln-list-update/pull/297

How has this been tested?

I've run the test cases using make test and all of them passed.

knqyf263 commented 2 months ago

I wanted to test it on real data, but I could not do it since NVD only publishes CVSSv4 scored by other CNAs and has not yet published CVSSv4 by NVD itself. However, I think the implementation is good and will merge it.

DmitriyLewen commented 2 months ago

I could not do it since NVD only publishes CVSSv4 scored by other CNAs and has not yet published CVSSv4 by NVD itself

I saw it too. I renamed source field in few CVE files (to test) and it worked well.