django-DefectDojo

Openvas CSV Parser - Severity management

Open ptitkosmos opened this issue 6 months ago • 1 comments

Is your feature request related to a problem? Please describe
Openvas does not make a difference between High and Critical vulnerabilities. So even a vulnerability above 9 is tagged as High. In the Openvas XML parser, it seems a mapping was done previously to deal with such a case.

Describe the solution you'd like
Now that there is the CVSS score in the CSV parser, it would be nice to map the severity according to the value if available. Ensure the same is done in the XML parser.

Describe alternatives you've considered
As I build the CSV myself, I implemented the mapping on my side.

Additional context
Code in XML parser [image]

ptitkosmos avatar Jun 12 '25 12:06 ptitkosmos

I don't understand your report. Both the XML and CSV parser use the literal value provided in the uploaded report (severity column or threat field). Are you requesting that the parsers use a value based on the CVSS score instead?

valentijnscholten avatar Jun 12 '25 16:06 valentijnscholten

Could you give us an update on this, @ptitkosmos?

manuel-sommer avatar Jul 03 '25 06:07 manuel-sommer

Hello, yes, I want the parser to rewrite the severity according to the CVSS score if available in the report, because Openvas sets severity to High for CVSS from 7 to 10 inclusive. Openvas doesn't use the "critical" severity at all. So the severity is wrong in DefectDojo.

ptitkosmos avatar Jul 03 '25 13:07 ptitkosmos
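The remapping requested in this thread, as an added sketch that is not DefectDojo's parser code or the reporter's own script: it derives the severity from the CVSS score using the CVSS v3.x qualitative bands and falls back to the scanner's label when no usable score is present. The column names (`NVT Name`, `CVSS`, `Severity`), the sample rows, and the choice to map a 0.0 score or an unrecognised label to `Info` are assumptions.

```python
import csv
import io

# Severity labels assumed for the target system.
VALID = ("Critical", "High", "Medium", "Low", "Info")

def severity_from_cvss(score):
    """Map a CVSS base score to a label using the CVSS v3.x qualitative bands."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "Info"  # assumption: a 0.0 score is informational

def resolve_severity(reported, cvss):
    """Prefer the CVSS score; fall back to the reported label if it is unusable."""
    try:
        score = float(cvss)
    except (TypeError, ValueError):
        score = None
    # NaN and out-of-range values fail this comparison and fall through.
    if score is not None and 0.0 <= score <= 10.0:
        return severity_from_cvss(score)
    label = (reported or "").strip().capitalize()
    return label if label in VALID else "Info"

def remap(report_text):
    """Return (name, reported severity, resolved severity) for each CSV row."""
    rows = csv.DictReader(io.StringIO(report_text))
    return [(r["NVT Name"], r["Severity"],
             resolve_severity(r["Severity"], r["CVSS"])) for r in rows]

# Constructed sample rows, not taken from a real scan.
SAMPLE = """NVT Name,CVSS,Severity
Constructed finding A,9.8,High
Constructed finding B,7.5,High
Constructed finding C,5.0,Medium
Constructed finding D,,High
Constructed finding E,0.0,Log
"""

if __name__ == "__main__":
    for name, reported, resolved in remap(SAMPLE):
        print(f"{name}: {reported} -> {resolved}")
```
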