in src/main/java/com/amazon/inspector/jenkins/amazoninspectorbuildstep/csvconversion/CsvConverter.java [314:340]
protected String getSeverity(Vulnerability vulnerability) {
final String OTHER = "OTHER";
if (vulnerability == null || vulnerability.getRatings() == null) {
return OTHER;
}
List<Rating> ratings = vulnerability.getRatings();
if (ratings.isEmpty()) {
return OTHER;
}
final String nvd = "NVD";
final String cvss = "CVSSv3";
for (Rating rating : ratings) {
String sourceName = rating.getSource().getName();
String method = rating.getMethod();
if (sourceName.equals(nvd) && method.startsWith(cvss)) {
return rating.getSeverity();
}
}
return ratings.get(0).getSeverity();
}