dependency-track
Display CVEs from GitHub the same way as the CVEs from NVD
Current Behavior
Many old vulnerabilities in GitHub do not have a CVSS vector, nor a score. So no score gets displayed in the GUI for an opened vulnerability from GitHub. Also, in the exported VEX with CVEs with GitHub as a source, there is no score nor vector.
Proposed Behavior
Newer vulnerabilities have a score and a vector as can be seen here: https://github.com/advisories/GHSA-w24x-87mr-4r23
Please support it the same way as the CVEs from NVD (so that in the VEX file that is exported from Dependency-Track the score and CVSS vector are there).
Checklist
- [X] I have read and understand the contributing guidelines
- [X] I have checked the existing issues for whether this enhancement was already requested