Add support of CVSS v4.0

ossf / osv-schema

Open Source Vulnerability schema.

https://ossf.github.io/osv-schema/

Apache License 2.0

176 stars 75 forks source link

Add support of CVSS v4.0 #213

Closed pandatix closed 9 months ago

pandatix commented 9 months ago

This PR comes to unlock #166 which seems stuck.

What does it bring ?

Basic support of CVSS v4.0, I'll open another issue about #178 about validating the CVSS vectors soon, as the FIRST.ORG SIG CVSS provide official CVSS validation regex we could use for schema validation.

The string representation (aka vector) example comes from the CVSS v4.0 Specification Document Section 7.

pandatix commented 9 months ago

@oliverchang here is the PR :)