{"id":18942343,"url":"https://github.com/bugcrowd/vrt-ruby","last_synced_at":"2025-09-25T02:32:09.720Z","repository":{"id":49104553,"uuid":"98467078","full_name":"bugcrowd/vrt-ruby","owner":"bugcrowd","description":"Ruby library for interacting with Bugcrowd's VRT","archived":false,"fork":false,"pushed_at":"2024-07-18T06:28:54.000Z","size":194,"stargazers_count":13,"open_issues_count":3,"forks_count":8,"subscribers_count":44,"default_branch":"master","last_synced_at":"2024-09-18T17:09:30.798Z","etag":null,"topics":["bugcrowd","gem","taxonomy","vrt","vulnerability"],"latest_commit_sha":null,"homepage":"https://bugcrowd.com/vrt","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bugcrowd.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-07-26T21:24:48.000Z","updated_at":"2024-08-12T19:31:33.000Z","dependencies_parsed_at":"2023-11-20T06:30:18.101Z","dependency_job_id":"22239614-2c1e-42c2-82c2-e0b4f0e515b3","html_url":"https://github.com/bugcrowd/vrt-ruby","commit_stats":{"total_commits":73,"total_committers":9,"mean_commits":8.11111111111111,"dds":0.4794520547945206,"last_synced_commit":"2cf0eda9b7921a0bfe28b95428c96529747b5054"},"previous_names":[],"tags_count":33,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bugcrowd%2Fvrt-ruby","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bugcrowd%2Fvrt-ruby/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bugcrowd%2Fvrt-ruby/re
leases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bugcrowd%2Fvrt-ruby/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bugcrowd","download_url":"https://codeload.github.com/bugcrowd/vrt-ruby/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234147894,"owners_count":18786934,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugcrowd","gem","taxonomy","vrt","vulnerability"],"created_at":"2024-11-08T12:32:31.274Z","updated_at":"2025-09-25T02:32:04.394Z","avatar_url":"https://github.com/bugcrowd.png","language":"Ruby","readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://gist.githubusercontent.com/adamrdavid/c5d4e0faab7801c828962487f3e5b924/raw/2ab968922aa658e37b458fd07c67591ca98b77a9/vrt.svg\" /\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://rubygems.org/gems/vrt\"\u003e\n    \u003cimg src=\"https://badge.fury.io/rb/vrt.svg\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/bugcrowd/vrt-ruby/actions\"\u003e\n    \u003cimg src=\"https://github.com/bugcrowd/vrt-ruby/workflows/Build/badge.svg\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://www.rubydoc.info/gems/vrt/\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/doc-rubydoc-informational\" /\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n# VRT Ruby Wrapper\nWhile the Content and Structure is defined in the [Vulnerability Rating Taxonomy Repository](https://github.com/bugcrowd/vulnerability-rating-taxonomy), this defines methods to 
allow for easy handling of VRT logic.  This gem is used and maintained by [Bugcrowd Engineering](https://bugcrowd.com).\n\n## Getting Started\nAdd this line to your application's Gemfile:\n```ruby\ngem 'vrt'\n```\n\nTo create the initializer:\n```bash\nrails generate vrt:install\n```\n\n## Usage\n\nFor convenience in development, we provide a utility for spinning up a\nplayground for playing with the gem. You can invoke it with:\n\n```bash\nbin/console\n```\n\nWhen one has a VRT Classification ID, one can check its validity:\n```ruby\nvrt = VRT::Map.new\n\nvrt.valid?('server_side_injection')\n=\u003e true\n\nvrt.valid?('test_vrt_classification')\n=\u003e false\n```\n\nGet a pretty output for its lineage:\n```ruby\nvrt = VRT::Map.new\n\nvrt.get_lineage('server_side_injection.file_inclusion.local')\n=\u003e \"Server-Side Injection \u003e File Inclusion \u003e Local\"\n```\n\nThe information within that node:\n```ruby\nvrt = VRT::Map.new\n\nvrt.find_node('server_side_injection.file_inclusion.local')\n```\nWhich returns the corresponding [`VRT::Node`](https://github.com/bugcrowd/vrt-ruby/blob/master/lib/vrt/node.rb).  This node has a variety of methods:\n```ruby\nvrt_map = VRT::Map.new\n\nnode = vrt_map.find_node('server_side_injection.file_inclusion.local')\n\nnode.children # Returns Child Nodes\n\nnode.parent # Returns Parent Node\n\nnode.priority\n\nnode.id\n\nnode.name\n\nnode.mappings # The node's mappings to other classifications\n```\n\n### If you need to deal with translating between versions\nThe VRT module also has a `find_node` method that is version agnostic.  
This is used to find the best\nmatch for a node under any version and has options to specify a preferred version.\n\n#### Examples:\n\n```ruby\n# Find a node in a given preferred version that best maps to the given id\nVRT.find_node(\n  vrt_id: 'social_engineering',\n  preferred_version: '1.1'\n)\n# returns 'other'\n\n# Aggregate vulnerabilities by category\nVRT.find_node(\n  vrt_id: vrt_id,\n  max_depth: 'category'\n)\n\n# Query for vulnerabilities by category while maintaining deprecated mappings by adding\n# deprecated ids to the search with `all_matching_categories`\ncategories_to_search_for += VRT.all_matching_categories(categories_to_search_for)\n```\n\n### Mappings and external links\n\n#### Mappings\n\nA mapping is a relationship defined from a node to another classification like CVSS or CWE or to\nmore information like remediation advice. The relationships that are defined in mappings are\nmaintained by the Bugcrowd team as well as external contributors to the\n[VRT repo](https://github.com/bugcrowd/vulnerability-rating-taxonomy/tree/master/mappings).\n\n##### Example getting the CWE for a particular VRT ID\n\n```ruby\nVRT.find_node(\n  vrt_id: 'server_security_misconfiguration.unsafe_cross_origin_resource_sharing'\n).mappings[:cwe]\n\n=\u003e [\"CWE-942\", \"CWE-16\"]\n```\n\n#### Third party links\n\nThese are similar to mappings, but the relationships are maintained by an external party instead of\nBugcrowd.\n\n##### Example getting Secure Code Warrior training link for a particular VRT ID\n\n```ruby\nVRT.find_node(\n  vrt_id: 'server_security_misconfiguration.unsafe_cross_origin_resource_sharing'\n).third_party_links[:scw]\n\n=\u003e 
\"https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd\u0026mappingList=vrt\u0026mappingKey=server_security_misconfiguration:unsafe_cross_origin_resource_sharing\u0026redirect=true\"\n```","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbugcrowd%2Fvrt-ruby","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbugcrowd%2Fvrt-ruby","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbugcrowd%2Fvrt-ruby/lists"}