diff --git a/cve_bin_tool/vex_manager/parse.py b/cve_bin_tool/vex_manager/parse.py
index 37eea3eb60..e339114097 100644
--- a/cve_bin_tool/vex_manager/parse.py
+++ b/cve_bin_tool/vex_manager/parse.py
@@ -113,7 +113,7 @@ def __process_vulnerabilities(self, vulnerabilities) -> None:
 remarks = self.analysis_state[self.vextype][vuln.get("status")]
 justification = vuln.get("justification")
 response = vuln.get("remediation")
- comments = vuln.get("comments")
+ comments = vuln.get("comment")
 severity = vuln.get("severity") # Severity is not available in Lib4VEX
 # Decode the bom reference for cyclonedx and purl for csaf and openvex
 product_info = None
diff --git a/test/test_vex.py b/test/test_vex.py
index 27fbbc68b9..a3d7861c37 100644
--- a/test/test_vex.py
+++ b/test/test_vex.py
@@ -173,7 +173,7 @@ class TestVexParse:
 },
 "CVE-1234-1005": {
 "remarks": Remarks.NotAffected,
- "comments": "",
+ "comments": "Detail field populated.",
 "response": [],
 },
 "paths": {},
@@ -187,7 +187,7 @@ class TestVexParse:
 ): {
 "CVE-1234-1007": {
 "remarks": Remarks.Mitigated,
- "comments": "",
+ "comments": "Data field populated.",
 "response": [],
 },
 "CVE-1234-1008": {
@@ -212,7 +212,7 @@ class TestVexParse:
 },
 "CVE-1234-1005": {
 "remarks": Remarks.NotAffected,
- "comments": "",
+ "comments": "NotAffected: Detail field populated.",
 "response": "will_not_fix",
 "justification": "code_not_reachable",
 },
@@ -226,7 +226,7 @@ class TestVexParse:
 ): {
 "CVE-1234-1007": {
 "remarks": Remarks.Mitigated,
- "comments": "",
+ "comments": "Data field populated.",
 "response": [],
 },
 "CVE-1234-1008": {
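Review bot: `vuln.get("comment")` on the added line in parse.py still returns None without any signal when the key is absent, which is presumably how the earlier `"comments"` misspelling went unnoticed while the tests expected empty strings. This free-text field carries the rationale behind a NotAffected or Mitigated status, so losing it weakens the audit trail for a suppressed CVE. I would add a comment recording where the key name comes from, e.g. `# lib4vex exposes the free-text note under the singular key "comment"` (to be confirmed against the parser's output), so the name is not "corrected" back later. The text originates in a third-party VEX document, so any report writer that renders it should escape it; that code is not visible here. The body of __process_vulnerabilities continues outside the hunk.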