Project record from awesome.ecosyste.ms for https://github.com/advanced-security/adjust-cvss (language: Java; license: apache-2.0; category: CodeQL Actions Helpers; default branch: master; record last synced 2025-04-28). The repository's README follows.

# adjust-cvss

Takes a SARIF file and a list of query-id patterns as input and assigns custom [CVSS scores](https://github.blog/changelog/2021-07-19-codeql-code-scanning-new-severity-levels-for-security-alerts/) (also known as `security-severity`) to the matching queries. This lets you make specific queries more or less severe, which affects how their alerts are displayed (`Low`, `High`, `Critical`, ...) and whether they cause pull request checks to fail.

# Example

The following example sets the CVSS score of all queries to `1.2`, except for the query with the id `java/xss`, which gets `9.9`. Note that this only affects queries that carry a `security-severity` metadata field; most code-quality queries have none and are therefore unaffected:

```yaml
name: "CodeQL"

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: [ 'java' ]

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2

    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: ${{ matrix.language }}
        queries: security-and-quality

    - run: |
        javatest/build

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v1
      with:
        output: sarif-results
        upload: False

    - name: adjust-cvss
      uses: advanced-security/adjust-cvss@master
      with:
        patterns: |
          **:1.2
          java/xss:9.9
        input: sarif-results/${{ matrix.language }}.sarif
        output: sarif-results/${{ matrix.language }}.sarif

    - name: Upload SARIF
      uses: github/codeql-action/upload-sarif@v1
      with:
        sarif_file: sarif-results/${{ matrix.language }}.sarif
```

Note that the `analyze` step is given `upload: False` and `output: sarif-results`. That way the SARIF file can be rewritten by the `adjust-cvss` action before it is uploaded with `upload-sarif`.

# Patterns

Each pattern line is of the form:
```
<id pattern>:<score pattern>
```

for example:
```
**:1.2                           # all queries get a CVSS score of `1.2`
java/xss:9.9                     # the Java XSS query gets a score of `9.9`
java/**:5.4                      # all Java queries get a score of `5.4`
```