feat: scan vulnerabilities from OSV

backend/application/access_control/services/roles_permissions.py

@@ -29,6 +29,7 @@ class Permissions(IntEnum):
     Product_Delete = 1103
     Product_Create = 1104
     Product_Import_Observations = 1105
+    Product_Scan_OSV = 1106
 
     Product_Member_View = 1201
     Product_Member_Edit = 1202
@@ -206,6 +207,7 @@ def get_roles_with_permissions():
             Permissions.Product_Group_View,
             Permissions.Product_View,
             Permissions.Product_Import_Observations,
+            Permissions.Product_Scan_OSV,
             Permissions.Product_Member_View,
             Permissions.Product_Authorization_Group_Member_View,
             Permissions.Product_Rule_View,
@@ -225,6 +227,7 @@ def get_roles_with_permissions():
             Permissions.Product_View,
             Permissions.Product_Edit,
             Permissions.Product_Import_Observations,
+            Permissions.Product_Scan_OSV,
             Permissions.Product_Member_View,
             Permissions.Product_Member_Edit,
             Permissions.Product_Member_Delete,
@@ -268,6 +271,7 @@ def get_roles_with_permissions():
             Permissions.Product_Edit,
             Permissions.Product_Delete,
             Permissions.Product_Import_Observations,
+            Permissions.Product_Scan_OSV,
             Permissions.Product_Member_View,
             Permissions.Product_Member_Edit,
             Permissions.Product_Member_Delete,

backend/application/core/services/observation.py

@@ -1,6 +1,7 @@
 import hashlib
 from urllib.parse import urlparse
 
+from cvss import CVSS3, CVSS4
 from packageurl import PackageURL
 
 from application.core.types import Severity, Status
@@ -62,6 +63,12 @@ def _get_string_to_hash(observation):  # pylint: disable=too-many-branches
 
 
 def get_current_severity(observation) -> str:
+    if observation.cvss3_vector:
+        observation.cvss3_score = CVSS3(observation.cvss3_vector).base_score
+
+    if observation.cvss4_vector:
+        observation.cvss4_score = CVSS4(observation.cvss4_vector).base_score
+
     if observation.assessment_severity:
         return observation.assessment_severity
 

backend/application/import_observations/migrations/0011_alter_parser_source.py

@@ -0,0 +1,30 @@
+# Generated by Django 5.1.5 on 2025-01-18 10:25
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        (
+            "import_observations",
+            "0010_vulnerability_check_last_import_licenses_deleted_and_more",
+        ),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="parser",
+            name="source",
+            field=models.CharField(
+                choices=[
+                    ("API", "API"),
+                    ("File", "File"),
+                    ("Manual", "Manual"),
+                    ("Other", "Other"),
+                    ("Unknown", "Unknown"),
+                ],
+                max_length=16,
+            ),
+        ),
+    ]