Expose KEV and EPSS score to Vulnerability Entity and Serializer (!175792) · Merge requests · GitLab.org / GitLab

Yasha Rise requested to merge 499408-expose-kev-and-epss-score-to-vulnerability-entity-and-serializer into master Dec 15, 2024

What does this MR do and why?

Exposes EPSS and KEV so they may be displayed in the UI in the vulnerability page.

This MR is part of an original implementation from Resolve "Expose CVSS, KEV and EPSS score to Vul... (!172706 - merged). Following the implementation, there was an impact on DB resources. As a result, the original MR was reverted.

This MR exposes only EPSS and KEV data, without CVSS data, as the latter is proving to be complex. Instead of blocking EPSS and KEV on CVSS, we iterate with this MR. See discussion in Reimplement "Expose CVSS, KEV and EPSS score to... (!175056).

Related to #499408

References

Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before	After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Related to #499408

Edited Dec 17, 2024 by Yasha Rise

Expose KEV and EPSS score to Vulnerability Entity and Serializer

What does this MR do and why?

References

MR acceptance checklist

Screenshots or screen recordings

How to set up and validate locally

Merge request reports