Include CVSS MaxSeverity in JSON output

Open yene opened this issue 2 years ago • 4 comments

feature request

The markdown and table output include a CVSS score, calculated by MaxSeverity(). It would be really handy to have this score in the results[].packages[].vulnerabilities[] object for easy scripting against the output.

Note: Since the severity score is so hard to read for humans, maybe max severity should be part of the Vulnerability struct.

Thank you

yene avatar Aug 20 '23 13:08 yene

@another-rex does this seem like something that would fit under "groups" ?

oliverchang avatar Sep 21 '23 01:09 oliverchang

@oliverchang please consider this issue, it would enable scripting in build pipelines, something like

    osv-scanner -r -json --format json | jq '.[]....score >= 9'
    osv-scanner -r -json --format json | jq '.[]....severity == critical'

Thank you for your time.

yene avatar Feb 12 '24 10:02 yene

Hi there.

I'd be happy to jump into this issue and suggest changes to the structs and JSON generation.

Kind regards, Omri

AppleGamer22 avatar Feb 13 '24 00:02 AppleGamer22

Happy to take contributions!

I think this is a pretty good idea to put the MaxSeverity calculation directly onto the Group struct, I just haven't had time to do it yet.

another-rex avatar Feb 13 '24 01:02 another-rex
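
The pipeline gate this thread asks for, sketched as an added example (not code from the thread or from osv-scanner). It assumes the score ends up as a string field `max_severity` on each entry of `results[].packages[].groups[]`; that layout, the function names and the sample report are assumptions made for illustration. Findings without a parsable score are reported separately so they are not silently treated as passing.

```python
import json

# Constructed sample report; package names and IDs are placeholders, and the
# "groups"/"max_severity" layout is an assumption, not confirmed by the thread.
SAMPLE_REPORT = json.loads("""
{"results": [{"source": {"path": "go.mod"}, "packages": [
  {"package": {"name": "example.com/a", "version": "1.0.0"},
   "groups": [{"ids": ["EXAMPLE-0001"], "max_severity": "9.8"},
              {"ids": ["EXAMPLE-0002"], "max_severity": "5.3"}]},
  {"package": {"name": "example.com/b", "version": "2.1.0"},
   "groups": [{"ids": ["EXAMPLE-0003"], "max_severity": ""}]}
]}]}
""")


def gate(report, threshold=9.0):
    """Split findings into (blocking, unscored) lists of (package, ids, score)."""
    blocking, unscored = [], []
    for result in report.get("results", []):
        for pkg in result.get("packages", []):
            name = pkg.get("package", {}).get("name", "<unknown>")
            for group in pkg.get("groups", []):
                ids = group.get("ids", [])
                try:
                    score = float(group.get("max_severity"))
                except (TypeError, ValueError):
                    # Missing or empty score: no CVSS vector was available.
                    unscored.append((name, ids, None))
                    continue
                if score >= threshold:
                    blocking.append((name, ids, score))
    return blocking, unscored


def exit_code(report, threshold=9.0, fail_on_unscored=False):
    """Return 1 when the build should fail, 0 otherwise."""
    blocking, unscored = gate(report, threshold)
    return 1 if blocking or (fail_on_unscored and unscored) else 0


if __name__ == "__main__":
    blocking, unscored = gate(SAMPLE_REPORT)
    for name, ids, score in blocking:
        print(f"BLOCK {name} {','.join(ids)} score={score}")
    for name, ids, _ in unscored:
        print(f"UNSCORED {name} {','.join(ids)}")
    raise SystemExit(exit_code(SAMPLE_REPORT))
```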