Expose CVSS to Single Vulnerability Page
What does this MR do and why?
Expose CVSS data so that it can be displayed in the UI on the vulnerability page.
This was originally attempted in Remove failing spec from memory_killer_spec.rb (!17270 - merged) and in Reimplement "Expose CVSS, KEV and EPSS score to... (!175056 - closed). The attempts did not fall within performance guidelines and were therefore disregarded.
To overcome the performance challenges, we implemented Add cve column to pm_advisories (#510321 - closed). This enables us to query CVSS data directly by CVE using the cve column, which previously required JSON parsing.
Note that only CVSS v3 needs to be exposed.
See Expose KEV and EPSS score to Vulnerability Enti... (!175792 - merged) for reference.
Related to Expose CVSS, KEV and EPSS score to Vulnerabilit... (#499408 - closed).
Related to #499408 (closed)