fix(vuln-scan): filter out CVSS v4 scores, prefer v3.x only

hima700 · hima700 · commit 2cff35dbb575 · 2025-11-06T13:22:44.000-10:00
diff --git a/api/src/main/java/org/svip/api/services/VulnerabilityScanService.java b/api/src/main/java/org/svip/api/services/VulnerabilityScanService.java
@@ -626,6 +626,10 @@ private void addCvssRating(ArrayNode ratingsArray, JsonNode cvss) {
         }
 
         String method = cvss.path("version").asText("");
+        // Skip CVSS v4.0 scores; prefer v3.x only
+        if (method.startsWith("4.")) {
+            return;
+        }
         if (!method.isEmpty()) {
             rating.put("method", method);
         }

Original file line number	Diff line number	Diff line change
`@@ -626,6 +626,10 @@ private void addCvssRating(ArrayNode ratingsArray, JsonNode cvss) {`
`626`	`626`	`}`
`627`	`627`
`628`	`628`	`String method = cvss.path("version").asText("");`
	`629`	`+ // Skip CVSS v4.0 scores; prefer v3.x only`
	`630`	`+ if (method.startsWith("4.")) {`
	`631`	`+ return;`
	`632`	`+ }`
`629`	`633`	`if (!method.isEmpty()) {`
`630`	`634`	`rating.put("method", method);`
`631`	`635`	`}`