https://github.com/goark/go-cvss
Common Vulnerability Scoring System (CVSS)
https://github.com/goark/go-cvss
cvss go golang golang-package
Last synced: 6 months ago
JSON representation
Common Vulnerability Scoring System (CVSS)
- Host: GitHub
- URL: https://github.com/goark/go-cvss
- Owner: goark
- License: apache-2.0
- Created: 2018-05-14T01:55:57.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2024-03-11T11:41:58.000Z (over 2 years ago)
- Last Synced: 2025-10-13T09:57:20.317Z (9 months ago)
- Topics: cvss, go, golang, golang-package
- Language: Go
- Homepage:
- Size: 237 KB
- Stars: 25
- Watchers: 1
- Forks: 6
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# [go-cvss] - Common Vulnerability Scoring System (CVSS)
[](https://github.com/goark/go-cvss/actions)
[](https://github.com/goark/go-cvss/actions)
[](https://raw.githubusercontent.com/goark/go-cvss/master/LICENSE)
[](https://github.com/goark/go-cvss/releases/latest)
Importing CVSS vector and scoring.
- Supports CVSS v2, v3.0 and v3.1
- Exporting CVSS information with template string
**Migrated repository to [github.com/goark/go-cvss][go-cvss]**
## Sample Code
### Base Metrics
```go
package main
import (
"fmt"
"os"
"github.com/goark/go-cvss/v3/metric"
)
func main() {
bm, err := metric.NewBase().Decode("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H") //CVE-2020-1472: ZeroLogon
if err != nil {
fmt.Fprintln(os.Stderr, err)
return
}
fmt.Printf("Severity: %v (%v)\n", bm.Severity(), bm.Score())
// Output:
// Severity: Critical (10)
}
```
### Temporal Metrics
```go
package main
import (
"fmt"
"os"
"github.com/goark/go-cvss/v3/metric"
)
func main() {
tm, err := metric.NewTemporal().Decode("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:W/RC:R") //CVE-2020-1472: ZeroLogon
if err != nil {
fmt.Fprintln(os.Stderr, err)
return
}
fmt.Printf("Base Severity: %v (%v)\n", tm.BaseMetrics().Severity(), tm.BaseMetrics().Score())
fmt.Printf("Temporal Severity: %v (%v)\n", tm.Severity(), tm.Score())
// Output:
// Base Severity: Critical (10)
// Temporal Severity: Critical (9.1)
}
```
### Environmental Metrics
```go
package main
import (
"fmt"
"github.com/goark/go-cvss/v3/metric"
"os"
)
func main() {
em, err := metric.NewEnvironmental().Decode("CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C/CR:M/IR:H/AR:M/MAV:L/MAC:H/MPR:L/MUI:R/MS:U/MC:L/MI:H/MA:L") //Random CVSS Vector
if err != nil {
fmt.Fprintln(os.Stderr, err)
return
}
fmt.Printf("Base Severity: %v (%v)\n", em.BaseMetrics().Severity(), em.BaseMetrics().Score())
fmt.Printf("Temporal Severity: %v (%v)\n", em.TemporalMetrics().Severity(), em.TemporalMetrics().Score())
fmt.Printf("Environmental Severity: %v (%v)\n", em.Severity(), em.Score())
// Output:
// Base Severity: Critical (6.1)
// Temporal Severity: Critical (6)
// Environmental Severity: Critical (6.5)
}
```
### CVSSv2 Base Metrics
```go
package main
import (
"fmt"
"os"
"github.com/goark/go-cvss/v2/metric"
)
func main() {
bm, err := metric.NewBase().Decode("AV:N/AC:L/Au:N/C:N/I:N/A:C") //CVE-2002-0392
if err != nil {
fmt.Fprintln(os.Stderr, err)
return
}
fmt.Printf("Severity: %v (%v)\n", bm.Severity(), bm.Score())
// Output:
// Severity: Severity: High (7.8)
}
```
### CVSSv2 Temporal Metrics
```go
package main
import (
"fmt"
"os"
"github.com/goark/go-cvss/v2/metric"
)
func main() {
tm, err := metric.NewTemporal().Decode("AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C") //CVE-2002-0392
if err != nil {
fmt.Fprintln(os.Stderr, err)
return
}
fmt.Printf("Severity (Base): %v (%v)\n", tm.Base.Severity(), tm.Base.Score())
fmt.Printf("Severity (Temporal): %v (%v)\n", tm.Severity(), tm.Score())
// Output:
// Severity (Base): High (7.8)
// Severity (Temporal): Medium (6.4)
}
```
### CVSSv2 Environmental Metrics
```go
package main
import (
"fmt"
"os"
"github.com/goark/go-cvss/v2/metric"
)
func main() {
tm, err := metric.NewEnvironmental().Decode("AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C/CDP:H/TD:H/CR:M/IR:M/AR:H") //CVE-2002-0392
if err != nil {
fmt.Fprintln(os.Stderr, err)
return
}
fmt.Printf("Severity (Base): %v (%v)\n", tm.Base.Severity(), tm.Base.Score())
fmt.Printf("Severity (Temporal): %v (%v)\n", tm.Temporal.Severity(), tm.Temporal.Score())
fmt.Printf("Severity (Environmental): %v (%v)\n", tm.Severity(), tm.Score())
// Output:
// Severity (Base): High (7.8)
// Severity (Temporal): Medium (6.4)
// Severity (Environmental): High (9.2)
}
```
### Reporting with template (CVSSv3 only)
ref: [sample.go](https://github.com/goark/go-cvss/blob/master/sample/sample.go)
## Reference
- [CVSS v2 Complete Documentation](https://www.first.org/cvss/v2/guide)
- [CVSS v3.0 Specification Document](https://www.first.org/cvss/v3.0/specification-document)
- [CVSS v3.1 Specification Document](https://www.first.org/cvss/v3.1/specification-document)
[go-cvss]: https://github.com/goark/go-cvss