in pkg/vul/convert/trivy/trivy.go [64:126]
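// convertNote builds a Grafeas vulnerability Note from a single Trivy
// vulnerability entry v, attaching s.URI as the "Registry" related URL.
//
// It returns nil when the entry has no string "VulnerabilityID" or carries no
// NVD CVSS data, so callers must skip nil results. When both a CVSS v2 and a
// CVSS v3 vector are present, the v3 values override the v2 ones.
//
// The entry comes from a scanner report, i.e. external input. Every string
// field is read with a checked type assertion so that an absent or mistyped
// field cannot panic the converter. URLs are copied verbatim from the report
// and are not validated here; consumers that render or follow them should
// treat them as untrusted.
func convertNote(s *utils.Source, v *gabs.Container) *g.Note {
	// text returns the container's value as a string and reports whether the
	// field was present and really was a string.
	text := func(c *gabs.Container) (string, bool) {
		val, ok := c.Data().(string)
		return val, ok
	}

	// Without an identifier there is nothing meaningful to name the note after.
	cve, ok := text(v.Search("VulnerabilityID"))
	if !ok {
		return nil
	}

	// Entries without NVD scoring are skipped entirely.
	nvd := v.Search("CVSS", "nvd")
	if nvd.Data() == nil {
		return nil
	}

	related := []*g.RelatedUrl{
		{
			Label: "Registry",
			Url:   s.URI,
		},
	}
	// PrimaryURL is only added when the report actually provides one.
	if primary, ok := text(v.Search("PrimaryURL")); ok {
		related = append(related, &g.RelatedUrl{
			Label: "PrimaryURL",
			Url:   primary,
		})
	}

	// A missing or mistyped severity is forwarded as the empty string.
	// NOTE(review): how utils.ToGrafeasSeverity maps "" is not visible here — confirm.
	severity, _ := text(v.Search("Severity"))

	vuln := &g.VulnerabilityNote{
		// Details in Notes are not populated since we will never see the full list
		Details: []*g.VulnerabilityNote_Detail{
			{
				AffectedCpeUri:  "N/A",
				AffectedPackage: "N/A",
			},
		},
		Severity:         utils.ToGrafeasSeverity(severity),
		SourceUpdateTime: utils.ToGRPCTime(v.Search("LastModifiedDate").Data()),
	}

	n := g.Note{
		ShortDescription: cve,
		RelatedUrl:       related,
		Type: &g.Note_Vulnerability{
			Vulnerability: vuln,
		},
	}

	// CVSSv2
	if vector, ok := text(nvd.Search("V2Vector")); ok {
		n.LongDescription = vector
		vuln.CvssVersion = g.CVSSVersion_CVSS_VERSION_2
		vuln.CvssScore = utils.ToFloat32(nvd.Search("V2Score").Data())
	}

	// CVSSv3, will override v2 values
	if vector, ok := text(nvd.Search("V3Vector")); ok {
		score := utils.ToFloat32(nvd.Search("V3Score").Data())
		n.LongDescription = vector
		vuln.CvssVersion = g.CVSSVersion_CVSS_VERSION_3
		vuln.CvssScore = score
		vuln.CvssV3 = utils.ToCVSSv3(score, vector)
	}

	// References: non-string entries are dropped instead of aborting the note.
	for _, r := range v.Search("References").Children() {
		ref, ok := text(r)
		if !ok {
			continue
		}
		n.RelatedUrl = append(n.RelatedUrl, &g.RelatedUrl{
			Url:   ref,
			Label: "Url",
		})
	}

	return &n
}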