local-php-security-checker

Add CVSS and Complexity for CVE

Open ignatenkovnikita opened this issue 3 years ago • 4 comments

ignatenkovnikita, Apr 14 '22 11:04

Thanks for the PR! I was looking for something similar. @fabpot could you have a look if this is something you want to add?

StevendeVries, Jun 28 '22 13:06

We would need this info to be provided in the DB, which is not the case right now. So, the new fields would always be empty, right?

fabpot, Jun 28 '22 13:06

If I got it correctly, the implementation is getting the info from the https://cve.circl.lu database by issuing an API call for each advisory found.

This could be nice to have to know quickly if an advisory is severe or not. But the current implementation could cause the tool to become quite slow if you have several advisories (some requests can be slow, for example https://cve.circl.lu/api/cve/CVE-2022-23601 takes more than a second).

tucksaun, Jun 28 '22 15:06

I should have looked at the code :) I think this is out of the scope of this tool then.

fabpot, Jun 28 '22 16:06