Consider CVS score in Updates checks

Hi,

we at Heinlein are considering to extent the existing apt, zypper and yum updates check to include the CVS score of security updates.

Not all security updates have an CVS score that requires immediated action and should therefor result in a CRIT of the service check.

Before creating a feature request I would like to ask the community if there are already solutions in use or if someone already thought about doing this.

I have one customer where we use a custom zypper check that already looks for the different criticality of critical updates :smiley:
But this is only on SuSE systems at the moment.

SuSE can report the CVE number in the output of zypper which can be asked to query the CVS score.

We would have to look how that can be achieved on other distributions.

Do you have code that you can share?