db: Update trivy-db to include CVSS score info (#530)

* mod: Update trivy-db to include CVSS score info

Signed-off-by: Simarpreet Singh <simar@linux.com>

* mod: Update go.mod

Signed-off-by: Simarpreet Singh <simar@linux.com>

* mod: Update trivy-db to latest

Signed-off-by: Simarpreet Singh <simar@linux.com>

pkg/vulnerability/vulnerability_test.go

@@ -146,7 +146,74 @@ func TestClient_FillInfo(t *testing.T) {
 			},
 		},
 		{
-			name: "happy path, with only OS vulnerability, yes vendor severity, with both NVD and vendor vectors",
+			name: "happy path, with only OS vulnerability, yes vendor severity, with both NVD and CVSS info",
+			getVulnerability: []db.GetVulnerabilityExpectation{
+				{
+					Args: db.GetVulnerabilityArgs{
+						VulnerabilityID: "CVE-2019-0001",
+					},
+					Returns: db.GetVulnerabilityReturns{
+						Vulnerability: dbTypes.Vulnerability{
+							Title:       "dos",
+							Description: "dos vulnerability",
+							Severity:    dbTypes.SeverityMedium.String(),
+							VendorSeverity: dbTypes.VendorSeverity{
+								vulnerability.RedHat: dbTypes.SeverityLow, // CentOS uses RedHat
+							},
+							CVSS: map[string]dbTypes.CVSS{
+								vulnerability.Nvd: {
+									V2Vector: "(AV:N/AC:L/Au:N/C:P/I:P/A:P)",
+									V2Score:  4.5,
+									V3Vector: "CVSS:3.0/PR:N/UI:N/S:U/C:H/I:H/A:H",
+									V3Score:  5.6,
+								},
+								vulnerability.RedHat: {
+									V2Vector: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
+									V2Score:  7.8,
+									V3Vector: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+									V3Score:  9.8,
+								},
+							},
+							References: []string{"http://example.com"},
+						},
+					},
+				},
+			},
+			args: args{
+				vulns: []types.DetectedVulnerability{
+					{VulnerabilityID: "CVE-2019-0001"},
+				},
+				reportType: vulnerability.CentOS,
+			},
+			expectedVulnerabilities: []types.DetectedVulnerability{
+				{
+					VulnerabilityID: "CVE-2019-0001",
+					Vulnerability: dbTypes.Vulnerability{
+						Title:       "dos",
+						Description: "dos vulnerability",
+						Severity:    dbTypes.SeverityLow.String(),
+						References:  []string{"http://example.com"},
+						CVSS: map[string]dbTypes.CVSS{
+							vulnerability.Nvd: {
+								V2Vector: "(AV:N/AC:L/Au:N/C:P/I:P/A:P)",
+								V2Score:  4.5,
+								V3Vector: "CVSS:3.0/PR:N/UI:N/S:U/C:H/I:H/A:H",
+								V3Score:  5.6,
+							},
+							vulnerability.RedHat: {
+								V2Vector: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
+								V2Score:  7.8,
+								V3Vector: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+								V3Score:  9.8,
+							},
+						},
+					},
+					SeveritySource: vulnerability.RedHat,
+				},
+			},
+		},
+		{
+			name: "happy path, with only OS vulnerability, yes vendor severity, with both NVD and deprecated vendor vectors",
 			getVulnerability: []db.GetVulnerabilityExpectation{
 				{
 					Args: db.GetVulnerabilityArgs{