| 232 | } |
| 233 | |
| 234 | function getSeverityLevel(vuln: OsvVulnerability): OsvSeverityLevel { |
| 235 | const dbSeverity = vuln.database_specific?.severity?.toLowerCase() |
| 236 | if (dbSeverity) { |
| 237 | if (dbSeverity === 'critical') return 'critical' |
| 238 | if (dbSeverity === 'high') return 'high' |
| 239 | if (dbSeverity === 'moderate' || dbSeverity === 'medium') return 'moderate' |
| 240 | if (dbSeverity === 'low') return 'low' |
| 241 | } |
| 242 | |
| 243 | const severityEntry = vuln.severity?.[0] |
| 244 | if (severityEntry?.score) { |
| 245 | const match = severityEntry.score.match(/(?:^|[/:])(\d+(?:\.\d+)?)$/) |
| 246 | if (match?.[1]) { |
| 247 | const score = parseFloat(match[1]) |
| 248 | if (score >= 9.0) return 'critical' |
| 249 | if (score >= 7.0) return 'high' |
| 250 | if (score >= 4.0) return 'moderate' |
| 251 | if (score > 0) return 'low' |
| 252 | } |
| 253 | } |
| 254 | |
| 255 | return 'unknown' |
| 256 | } |
| 257 | |
| 258 | /** |
| 259 | * Analyze entire dependency tree for vulnerabilities and deprecated packages. |