Support CVSS3.1 values also for severity calculation
What does this MR do?
Support CVSS strings starting with CVSS:3.1
in calculating severity of the vulnerability. The library we use under the hood - https://github.com/spiegel-im-spiegel/go-cvss/ supports this.
Without this change, many new vulnerabilities are marked with Unknown
severity.
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Julian Thome