Get vulnerability severity #26

Closed
Tracked by #3
dloez opened this issue May 11, 2023 · 1 comment
Labels
enhancement New feature or request

dloez commented May 11, 2023

We need to retrieve the level of each vulnerability from OSV; this should be done in the collect_vulnerabilities Huey task.
Also, calculate the number of vulnerabilities at each level and the total, so we can serve that data without needing to recalculate it for each serve.

@dloez dloez mentioned this issue May 11, 2023
12 tasks
@github-actions github-actions bot added the needs triage This issue needs to be revised and clasified label May 11, 2023
@dloez dloez added enhancement New feature or request and removed needs triage This issue needs to be revised and clasified labels May 11, 2023
@dloez dloez changed the title Update the dependencies model to have the amount of each level of vulnerabilities Get vulnerability severity May 12, 2023
dloez commented May 12, 2023

This is more complex than I first thought; this is an example of the severity returned by OSV for a vulnerability:

"severity": [
    {
        "type": "CVSS_V3",
        "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"
    }
]

OSV returns a CVSS_VX string; we need to store that severity and, for the moment, calculate its average score and a string representation.
More information can be found here.
