Add optional CVSS vectors to vulnerability objects
What does this MR do?
This MR adds an optional cvss_vectors
field to the vulnerability object.
The field's object requires a vendor
and a vector
which help identify
a valid CVSS score, and the vendor that assigned it (for example RedHat).
To validate successfully, the optional field must have at least one item,
and it must match a known CVSS pattern (either 2, 3.0, or 3.1).
What are the relevant issue numbers?
Closes gitlab-org/gitlab#422031 (closed)
Checklist
-
Ensure changes can be built upon without requiring a breaking change, see Building for Extensibility. -
Review and add/update tests for this feature/bug. -
Add an entry to the CHANGELOG if required, with the appropriate version. See Classifying Changes. -
Assign the MR to the appropriate person/people for review.