Use the Latest CVSS Version in Rules

SourceClear Software Composition Analysis

You can use Common Vulnerability Scoring System (CVSS) version 3 in your SourceClear Software Composition Analysis rules to evaluate your vulnerabilities against the latest version of the standard.

Before you begin

You must have the Enterprise subscription plan to use CVSS 3 in your custom rules.


  1. From Manage Workspace > Rules > Use custom rules, select Edit custom rules.
  2. Choose a rule control you want to modify, or Add control to create a new control.
  3. For Level, choose if you want violations of this control to result in an error or a warning.
    Note: Errors result in a build failure. Warnings result in log entries to the continuous integration systems, but they do not cause a build failure.
  4. Expand the control row to display all condition options.
  5. From the Severity dropdown menu, select the CVSS score you want to use for this control.

  6. If you want to generate issues based on CVSS 3, select the Create Issue checkbox.
  7. Click Save custom rules.