[bug] BOMEncoder for vulnerabilities adds a default score of 0 if not specified
samj1912 opened this issue
Currently `vulnerabilities.ratings.score` is a non-required field in the spec. The library, however, serializes absent scores as 0 in VEX documents. This is probably because score is a float field.
Line 637 in 6c388c4
For example, see the BOMs at anchore/grype#678.
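The encoding behaviour described in the issue, as an added Go example (not code from the issue or from the library). The three struct types and the helpers `encode` and `hasScore` are hypothetical stand-ins; the example also shows why `omitempty` on a plain float does not solve the problem, since it drops a genuine score of 0 as well.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical stand-ins for a vulnerability rating; not the library's types.
// ratingValue: plain float64, so an unset score is encoded as 0.
type ratingValue struct {
	Score float64 `json:"score"`
}

// ratingOmitEmpty: hides the zero value, but also drops a real score of 0.0.
type ratingOmitEmpty struct {
	Score float64 `json:"score,omitempty"`
}

// ratingPointer: nil means "not specified", a pointer to 0.0 means "scored 0".
type ratingPointer struct {
	Score *float64 `json:"score,omitempty"`
}

// encode marshals v and returns the JSON text.
func encode(v interface{}) string {
	b, err := json.Marshal(v)
	if err != nil {
		panic(err)
	}
	return string(b)
}

// hasScore reports whether a rating document actually carried a score field.
func hasScore(doc string) bool {
	var r ratingPointer
	if err := json.Unmarshal([]byte(doc), &r); err != nil {
		panic(err)
	}
	return r.Score != nil
}

func main() {
	zero := 0.0 // constructed sample value: a rating explicitly scored 0
	samples := []interface{}{ratingValue{}, ratingOmitEmpty{}, ratingPointer{}, ratingPointer{Score: &zero}}
	for _, v := range samples {
		fmt.Printf("%T -> %s\n", v, encode(v))
	}
}
```

A consumer that triages on score cannot tell "unscored" from "scored 0" in the first two encodings; only the pointer form round-trips both states.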