VCIO: Improve API for vulnerability scores

[pombredanne]

The API for a vulnerability returns score like this:

{
                    "reference_url": "https://github.com/log4js-node/streamroller/pull/87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/log4js-node/streamroller/pull/87"
                },

This is poorly usable by consumer and requires a lot of post processing.

We should expose the data in an improved way TBD.

1. we could provide the severity score range like in the UI, see

   vulnerablecode/vulnerabilities/views.py

   Line 167 in d62f377

   "severity_score_range": get_severity_range(severity_values),

   but this would need to be structure such that this can be used for sorting
2. we could also invert the data above and provide a list of scores firt and references as attributes

[tdruez]

@TG1999 In the very short term, could you add a severity_score_range field to the VulnerabilitySerializer that would return the values computed from get_severity_range()?
This would go a long way to avoid any duplication on the data consumer side.

[Sanskriti0805]

hello ! if this is still available can i work upon this ?