clj-holmes / clj-watson

clojure deps SCA
Eclipse Public License 2.0

Show short summary of findings #120

Closed lread closed 2 months ago

lread commented 3 months ago

Include a 2-line summary of findings that reports the number of dependencies scanned, vulnerabilities found, and vulnerabilities broken down by severity.

The breakdown by severity makes no effort to distinguish between CVSS2, CVSS3 and CVSS4 scores. For example, CVSS2 has no Critical severity, so a High CVSS2 could be classified as a Critical CVSS3/CVSS4. For a summary, I think this is fine.

Accounts for the possibility that data might have unspecified or unrecognized severity values. I think this is less likely for dependency-check (at least today, as I've looked at the downloaded db), but I have less of an idea of what values github-advisory might return.

Some minor cleanups in touched code:

Closes #87
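An added illustration of the summary described above, written for this page rather than taken from the clj-watson PR: it counts scanned dependencies and findings, buckets severities case-insensitively, and reports missing or unrecognized severity values in an explicit bucket instead of dropping them. The input shapes (`:severity` string per finding, one map per dependency) are assumptions, not clj-watson's data model.

```clojure
(ns example.summary
  (:require [clojure.string :as str]))

;; Display order for known buckets; anything else is reported as :unspecified.
;; No attempt is made to distinguish CVSS2/3/4 scales, matching the PR's intent.
(def severity-order [:critical :high :medium :low])

(defn normalize-severity
  "Map a raw severity value (any case, possibly nil or unknown) to a bucket.
   Unknown or missing values are surfaced rather than silently lost."
  [raw]
  (let [k (some-> raw str str/trim str/lower-case keyword)]
    (if (contains? (set severity-order) k) k :unspecified)))

(defn summarize
  "deps: collection of scanned dependencies; findings: collection of maps with
   a :severity entry. Both are constructed shapes for this example."
  [deps findings]
  (let [counts  (frequencies (map (comp normalize-severity :severity) findings))
        buckets (conj severity-order :unspecified)]
    {:dependencies-scanned  (count deps)
     :vulnerabilities-found (count findings)
     :by-severity           (into {} (map (fn [b] [b (get counts b 0)]) buckets))}))

(defn format-summary
  "Render the two-line summary from the map returned by summarize."
  [{:keys [dependencies-scanned vulnerabilities-found by-severity]}]
  (str "Dependencies scanned: " dependencies-scanned
       ", vulnerabilities found: " vulnerabilities-found "\n"
       "Severity: "
       (str/join ", " (map (fn [b] (str (name b) " " (get by-severity b)))
                           (conj severity-order :unspecified)))))

(comment
  ;; Constructed sample input: three deps, four findings with mixed-case,
  ;; nil and unrecognized severities.
  (println
   (format-summary
    (summarize [{:name "dep-a"} {:name "dep-b"} {:name "dep-c"}]
               [{:severity "HIGH"} {:severity "Critical"}
                {:severity nil} {:severity "moderate?"}]))))
```

With the constructed input the second line reads `Severity: critical 1, high 1, medium 0, low 0, unspecified 2`, making a data-quality problem in the advisory source visible at a glance.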

lread commented 3 months ago

Hiya @seancorfield! When you find some time and interest, lemme know what you think.

seancorfield commented 3 months ago

I'm dedicating a few days in the second half of this week to OSS so I'll take a look in a few days.

seancorfield commented 2 months ago

Very nice refactorings there -- thank you!