jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

Recategorise CVSS Score with Environmental Score #6730

Open Spawney opened 2 weeks ago

Spawney commented 2 weeks ago

Is it possible to recategorise a CVSS score based on Environmental factors in some form of suppression type file?

aikebah commented 2 weeks ago

No, CVSS scores reported by this tool are always the static base scores; there is no support for reporting an environment-adjusted score.