z-arnott / Vega

Add cvssScore to Vulnerability type #14

Open z-arnott opened 1 year ago

z-arnott commented 1 year ago

Vulnerability type is defined in types.utils and includes CVSS vector, but not CVSS score

Both NVD and Sonatype return the score value. types.utils should be updated to include the cvss score. queryFacade.utils should be updated to retrieve the cvss score from the response from NVD or Sonatype.

z-arnott commented 1 year ago

also correct typo in packageId field

rhass-uta commented 1 year ago

To be clear - you want to add a cvss_score parameter in both vulnerability and package types so we can retrieve it from NVD/Sonatype? Seems limited in its usefulness.

rhass-uta commented 1 year ago

What's the typo in the packageid field about?

rhass-uta commented 1 year ago

Clarification from Zoe:

  1. Query in query facade to retrieve from NVD/Sonatype
  2. Add it to vulnerability parameters in types.utils
  3. Add another issue about potential confusion with naming as cvss_score, cvss_severity (cvss) and risk (vega's)

z-arnott commented 1 year ago

@rhass-uta are you fixing this issue? should I assign you?
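
An added example, not part of the thread or the Vega code base, of the retrieval the issue describes: pulling the CVSS base score from either source into one vulnerability record. The `Vulnerability` shape and function names are hypothetical; the field paths assume the NVD CVE API 2.0 and Sonatype OSS Index response layouts, and the sample data is constructed.

```typescript
// Hypothetical shape; the project's real Vulnerability type lives in types.utils.
interface Vulnerability {
  cveId: string;
  cvssVector?: string;
  cvssScore?: number; // the field this issue asks for
}

// NVD may return several CVSS versions for one CVE; prefer the newest.
const NVD_METRIC_KEYS = ["cvssMetricV40", "cvssMetricV31", "cvssMetricV30", "cvssMetricV2"];

function isValidScore(x: unknown): x is number {
  return typeof x === "number" && x >= 0 && x <= 10;
}

// Assumed NVD 2.0 layout: cve.metrics.<key>[].cvssData.{baseScore,vectorString}
function fromNvd(item: any): Vulnerability {
  const vuln: Vulnerability = { cveId: String(item?.cve?.id ?? "") };
  const metrics = item?.cve?.metrics ?? {};
  for (const key of NVD_METRIC_KEYS) {
    const list: any[] = Array.isArray(metrics[key]) ? metrics[key] : [];
    // Prefer the "Primary" assessment over secondary sources.
    const entry = list.find((m) => m?.type === "Primary") ?? list[0];
    if (isValidScore(entry?.cvssData?.baseScore)) {
      vuln.cvssScore = entry.cvssData.baseScore;
      vuln.cvssVector = entry.cvssData.vectorString; // keep score and vector paired
      break;
    }
  }
  return vuln; // cvssScore stays undefined when NVD has not scored the CVE
}

// Assumed OSS Index layout: vulnerabilities[].{cve,id,cvssScore,cvssVector}
function fromOssIndex(v: any): Vulnerability {
  const vuln: Vulnerability = { cveId: String(v?.cve ?? v?.id ?? "") };
  if (isValidScore(v?.cvssScore)) vuln.cvssScore = v.cvssScore;
  if (typeof v?.cvssVector === "string") vuln.cvssVector = v.cvssVector;
  return vuln;
}

// Constructed sample responses (placeholder CVE ids, not real records).
const nvdSample = { cve: { id: "CVE-0000-0001", metrics: {
  cvssMetricV2: [{ type: "Primary", cvssData: { vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", baseScore: 7.5 } }],
  cvssMetricV31: [{ type: "Primary", cvssData: { vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", baseScore: 9.8 } }],
} } };
const ossSample = { id: "CVE-0000-0002", cve: "CVE-0000-0002", cvssScore: 5.3,
  cvssVector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" };
const unscoredSample = { cve: { id: "CVE-0000-0003", metrics: {} } };
```

Leaving `cvssScore` undefined for unscored CVEs, rather than defaulting to 0, keeps "not yet scored" distinguishable from "no impact" in any later risk calculation.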