cyclonedx scan: handle missing description (#13963)

valentijnscholten · web-flow · commit 5b7063717221 · 2025-12-29T09:52:21.000-06:00
diff --git a/dojo/tools/cyclonedx/xml_parser.py b/dojo/tools/cyclonedx/xml_parser.py
@@ -194,6 +194,15 @@ def _manage_vulnerability_xml(
             "b:ratings/b:rating/b:severity", namespaces=ns,
         )
         severity = Cyclonedxhelper().fix_severity(severity)
+        # by the schema, only id is mandatory, even the severity and description are
+        # optional
+        if not description:
+            description = "\n".join(
+                [
+                    f"**Id:** {vuln_id}",
+                    f"**Severity:** {severity}",
+                ],
+            )
         references = ""
         for advisory in vulnerability.findall(
             "b:advisories/b:advisory", namespaces=ns,
