crash.software
Projects
Pull Requests
Issues
Builds
grype
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY grype Commits 77eb4bb5
🤬

  • feat: add source and type to CVSS information (#1317)

    Adds source and type to the CVSS score information to allow
identification of the organization that submitted the score and whether
they are a primary or secondary source.

Signed-off-by: Weston Steimel <[email protected]>
  • Loading...
  • Weston Steimel committed with GitHub 11 months ago
    77eb4bb5
    1 parent 2d1dcd72
  • ■ ■ ■ ■ ■ ■
    grype/db/v5/vulnerability_metadata.go
    skipped 22 lines
    23 23   Metrics CvssMetrics `json:"metrics"`
    24 24   Vector string `json:"vector"` // A textual representation of the metric values used to determine the score
    25 25   Version string `json:"version"` // The version of the CVSS spec, for example 2.0, 3.0, or 3.1
     26 + Source string `json:"source"` // Identifies the organization that provided the score
     27 + Type string `json:"type"` // Whether the source is a `primary` or `secondary` source
    26 28  }
    27 29   
    28 30  // CvssMetrics are the quantitative values that make up a CVSS score.
    skipped 49 lines
  • ■ ■ ■ ■ ■ ■
    grype/presenter/models/cvss.go
    skipped 2 lines
    3 3  import "github.com/anchore/grype/grype/vulnerability"
    4 4   
    5 5  type Cvss struct {
     6 + Source string `json:"source,omitempty"`
     7 + Type string `json:"type,omitempty"`
    6 8   Version string `json:"version"`
    7 9   Vector string `json:"vector"`
    8 10   Metrics CvssMetrics `json:"metrics"`
    skipped 14 lines
    23 25   vendorMetadata = make(map[string]interface{})
    24 26   }
    25 27   cvss = append(cvss, Cvss{
     28 + Source: score.Source,
     29 + Type: score.Type,
    26 30   Version: score.Version,
    27 31   Vector: score.Vector,
    28 32   Metrics: CvssMetrics{
    skipped 10 lines
  • ■ ■ ■ ■ ■ ■
    grype/vulnerability/metadata.go
    skipped 14 lines
    15 15  }
    16 16   
    17 17  type Cvss struct {
     18 + Source string
     19 + Type string
    18 20   Version string
    19 21   Vector string
    20 22   Metrics CvssMetrics
    skipped 26 lines
    47 49   var cvss []Cvss
    48 50   for _, score := range m {
    49 51   cvss = append(cvss, Cvss{
     52 + Source: score.Source,
     53 + Type: score.Type,
    50 54   Version: score.Version,
    51 55   Vector: score.Vector,
    52 56   Metrics: CvssMetrics{
    skipped 18 lines
Please wait...
Page is in error, reload to recover