/api/v1/purl/{id} does not contain advisories.status.vulnerability.severity field
#1099
Labels
UI-V1 parity
Tasks needed to get done for V1 UI parity
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Fetching data from
/api/v1/purl/{id}returns a response like the JSON below (I removed field and leave only the main ones):{ "uuid": "269e3024-cbc2-5c63-9bb8-da09f3a5a067", "purl": "pkg:rpm/redhat/[email protected]_8?arch=x86_64", "advisories": [ { "document_id": "CVE-2023-44487", "status": [ { "vulnerability": { "normative": true, "identifier": "CVE-2023-44487", "title": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", "description": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", "reserved": "2023-09-29T00:00:00Z", "published": "2023-10-10T00:00:00Z", "modified": "2024-08-19T07:48:04.546Z", "withdrawn": null, "discovered": null, "released": null, "cwes": [] }, "status": "fixed" } ] } ], "licenses": [] }The
advisories.status.vulnerabilityobject does not have "severity".The reason to have "severity" is that there is the UI table below:
For each of the vulnerabilities found, there is the need to render the Severity of it. Currently the UI is fetching the severity for each Vulnerability calling to
/api/v1/vulnerability/{id}. So, if the table has 10 elements then/api/v1/vulnerability/{id}will be called 10 times too.If we were able to include the severity then we could significantly reduce the number of calls done to the backend.
@jcrossley3 tagging you here as you did previous work similar to this one to reduce the number of calls from the UI to the backend.
The text was updated successfully, but these errors were encountered: