Rather than storing None, the pipeline should compute and store valid CVSS scores from CVSS vector using Cvssv2ScoringSystem.compute and Cvssv3ScoringSystem.compute.
|
VulnerabilitySeverity( |
|
system=SCORING_SYSTEMS["cvssv2"], |
|
scoring_elements=cvss_v2, |
|
value=None, |
|
url=advisory_url, |
|
) |
|
) |
|
if cvss_v3: |
|
scoring_system = SCORING_SYSTEMS["cvssv3"] |
|
if cvss_v3.startswith("CVSS:3.1/"): |
|
scoring_system = SCORING_SYSTEMS["cvssv3.1"] |
|
severities.append( |
|
VulnerabilitySeverity( |
|
system=scoring_system, |
|
scoring_elements=cvss_v3, |
|
value=None, |
|
url=advisory_url, |
|
) |
Rather than storing
None, the pipeline should compute and store valid CVSS scores from CVSS vector usingCvssv2ScoringSystem.computeandCvssv3ScoringSystem.compute.vulnerablecode/vulnerabilities/pipelines/v2_importers/gitlab_importer.py
Lines 306 to 323 in 77e9052