@westonsteimel
Contributor

@westonsteimel westonsteimel commented Feb 1, 2026

Capture the new cvssSeverities property from the GitHub GraphQL API, but retain the legacy CVSS property behaviour in our output JSON to avoid breaking schema changes. This allows this vunnel change to land independently of the grype-db parsing change and keeps v5 schema DBs going for now. Additionally capture all reference URLs in the vunnel output. It is necessary to bump the github provider version to 2 because this is an iterative provider and we need to ensure all of history is pulled again since the input is changing.

Resolves #871
Resolves #646
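
An added illustration of the backward-compatible shape the description above outlines; it is not code from this PR or from vunnel. The output key names, the choice of the v3 entry for the legacy `CVSS` value, and the sample node are assumptions constructed for the example.

```python
from typing import Any, Optional

# Constructed sample shaped like a GitHub GraphQL SecurityAdvisory node.
SAMPLE_NODE: dict[str, Any] = {
    "ghsaId": "GHSA-xxxx-xxxx-xxxx",  # placeholder id
    "cvssSeverities": {
        "cvssV3": {"score": 7.5,
                   "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},
        "cvssV4": {"score": 8.7,
                   "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},
    },
    "references": [{"url": "https://example.com/advisory"},
                   {"url": "https://example.com/fix"},
                   {"url": "https://example.com/advisory"}],  # duplicate on purpose
}


def version_of(vector: str) -> str:
    """Return the CVSS version from a vector prefix, e.g. 'CVSS:3.1/...' -> '3.1'."""
    prefix = vector.split("/", 1)[0]
    return prefix.split(":", 1)[1] if prefix.startswith("CVSS:") else ""


def to_record(node: dict[str, Any]) -> dict[str, Any]:
    """Build an output record that keeps the legacy single CVSS value and adds the new list."""
    raw = node.get("cvssSeverities") or {}
    severities = []
    for key in ("cvssV3", "cvssV4"):
        entry = raw.get(key) or {}
        vector = entry.get("vectorString")
        if not vector:  # entry missing, or present without a vector: skip it
            continue
        severities.append({"version": version_of(vector),
                           "vector": vector,
                           "score": entry.get("score")})
    # Assumption: consumers of the old schema expect one v3-style value or null.
    legacy: Optional[dict[str, Any]] = next(
        (s for s in severities if s["version"].startswith("3")), None)
    # Keep every reference URL once, in the order the API returned them.
    urls = list(dict.fromkeys(
        r["url"] for r in (node.get("references") or []) if r.get("url")))
    return {
        "ghsaId": node.get("ghsaId"),
        "CVSS": legacy,                  # legacy property, unchanged shape
        "cvss_severities": severities,   # new, additive property
        "references": urls,
    }
```

Because the new data is only added beside the legacy key, a consumer that reads only `CVSS` keeps working while a newer parser can switch to `cvss_severities`.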

@westonsteimel westonsteimel added the run-pr-quality-gate Triggers running of quality gate on PRs label Feb 1, 2026
@westonsteimel westonsteimel force-pushed the github-cvss-severities branch 6 times, most recently from 26c5498 to ef7979a Compare February 1, 2026 00:53
@westonsteimel westonsteimel changed the title feat(github): support new cvss_severities property feat(github): capture cvss_severities and additional reference urls Feb 1, 2026
@westonsteimel westonsteimel force-pushed the github-cvss-severities branch 9 times, most recently from f429351 to 710d12e Compare February 1, 2026 19:25
@westonsteimel westonsteimel marked this pull request as ready for review February 2, 2026 10:14
@westonsteimel westonsteimel requested a review from a team February 2, 2026 10:39
@westonsteimel westonsteimel force-pushed the github-cvss-severities branch from 4180ff0 to 01b6558 Compare February 2, 2026 21:57
@spiffcs
Contributor

spiffcs commented Feb 3, 2026

@westonsteimel this looks good to me

If you want I can also take a look at the grype-db changes when those land or if you're full on work I can take a stab at getting it updated so grype-db can parse these new fields and land them in the DB 😄

@westonsteimel westonsteimel merged commit 2705606 into main Feb 3, 2026
12 checks passed
@westonsteimel westonsteimel deleted the github-cvss-severities branch February 3, 2026 10:01
Successfully merging this pull request may close these issues.

CVSS data from Github will stop working after 2025-10-01
github: persist all of the reference links in the final result