Use the new `id` property instead of `cve` for remediations when parsing common security report format
Problem to solve
After the addition of the new id
property to replace the legacy cve
one, we need to leverage it when parsing the security reports in the rails backend.
Intended users
Further details
Proposal
- update the common security parser to use
id
instead ofcve
if available when handling remediations. We should fallback tocve
if there is noid
.
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
report submitted with an id
property for vulnerabilities and remediations are correctly parsed by the rails application
What is the type of buyer?
Links / references
Implementation plan
- change common parser to adapt
id
instead ofcve
where possible
Edited by Can Eldem