You can use Common Vulnerability Scoring System (CVSS) version 3 in your SourceClear Software Composition Analysis rules to evaluate your vulnerabilities against the latest version of the standard.
Before you begin
You must have the Enterprise subscription plan to use CVSS 3 in your custom rules.
- From Edit custom rules. , select
- Choose a rule control you want to modify, or Add control to create a new control.
For Level, choose if you want violations of this control
to result in an error or a warning.
Note: Errors result in a build failure. Warnings result in log entries to the continuous integration systems, but they do not cause a build failure.
- Expand the control row to display all condition options.
From the Severity dropdown menu, select the CVSS score
you want to use for this control.
- If you want to generate issues based on CVSS 3, select the Create Issue checkbox.
- Click Save custom rules.