VCIO: Improve API for vulnerability scores
The API for a vulnerability returns scores like this:
    {
        "reference_url": "https://github.com/log4js-node/streamroller/pull/87",
        "reference_id": "",
        "reference_type": "",
        "scores": [
            {
                "value": "5.5",
                "scoring_system": "cvssv3.1",
                "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
            },
            {
                "value": "MODERATE",
                "scoring_system": "generic_textual",
                "scoring_elements": ""
            }
        ],
        "url": "https://github.com/log4js-node/streamroller/pull/87"
    },
This is poorly usable by consumers and requires a lot of post-processing.
We should expose the data in an improved way, TBD.
- we could provide the severity score range like in the UI, see https://github.com/aboutcode-org/vulnerablecode/blob/d62f3778936d8444b7a88be8d8bdad1ccfd44a58/vulnerabilities/views.py#L167 but this would need to be structured such that this can be used for sorting
- we could also invert the data above and provide a list of scores first and references as attributes
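The consumer-side post-processing this issue refers to, as an added example that is not VulnerableCode code and does not reproduce `get_severity_range()`: it inverts the payload into a scores-first list and derives a sortable numeric range. The function names, the use of the CVSS v3.x qualitative bands for textual values, and the treatment of "MODERATE" as "medium" are assumptions.

```python
import json

# Sample payload: the reference object quoted in the issue, wrapped in a list.
SAMPLE_REFERENCES = json.loads("""[{
  "reference_url": "https://github.com/log4js-node/streamroller/pull/87",
  "scores": [
    {"value": "5.5", "scoring_system": "cvssv3.1",
     "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},
    {"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": ""}
  ]}]""")

# CVSS v3.x qualitative severity rating scale.
CVSS3_BANDS = {"low": (0.1, 3.9), "medium": (4.0, 6.9),
               "high": (7.0, 8.9), "critical": (9.0, 10.0)}
ALIASES = {"moderate": "medium"}  # assumption: MODERATE means medium


def score_range(score):
    """Return a (low, high) tuple for one score entry, or None if unrankable."""
    system = score.get("scoring_system", "").lower()
    value = score.get("value", "").strip()
    if system.startswith("cvss"):
        try:
            number = float(value)
        except ValueError:
            return None
        return (number, number) if 0.0 <= number <= 10.0 else None
    if system == "generic_textual":
        label = value.lower()
        return CVSS3_BANDS.get(ALIASES.get(label, label))
    return None  # other systems are not on the 0-10 scale, so they are not mixed in


def invert(references):
    """Scores first, with the reference as an attribute; sorted worst-first."""
    rows = [{**score, "range": score_range(score), "reference_url": ref["reference_url"]}
            for ref in references for score in ref.get("scores", [])]
    rows.sort(key=lambda r: r["range"][1] if r["range"] else -1.0, reverse=True)
    return rows


def severity_score_range(references):
    """Overall (min, max) across all rankable scores, or None when there are none."""
    ranges = [r["range"] for r in invert(references) if r["range"]]
    if not ranges:
        return None
    return (min(lo for lo, _ in ranges), max(hi for _, hi in ranges))
```

Returning the range as a numeric pair rather than a display string is what makes it usable as a sort key.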
@TG1999 In the very short term, could you add a severity_score_range field to the VulnerabilitySerializer that would return the values computed from get_severity_range()?
This would go a long way to avoid any duplication on the data consumer side.
Hello! If this is still available, can I work on this?
We no longer return nor deal with severity ranges and we have moved to the new risk scoring. I am closing this now as wontfix.
@Sanskriti0805 Sorry for the late reply but this was a moot issue.