AWS Security Hub Inspector parser missing CVSS v3/v4 scores and severity justification #14191

@awakchaure-ppro

Description

Bug description

The awssecurityhub/inspector.py parser currently does not accept or map several important vulnerability-related fields provided by AWS Security Hub / Inspector findings. Specifically, the parser is missing support for:

  • CVSS v3 Score
  • CVSS v4 Score
  • Severity Justification

As a result, these fields are either ignored or not populated correctly in DefectDojo findings, leading to incomplete vulnerability metadata.


Steps to reproduce

  1. Configure AWS Security Hub with Inspector findings enabled.
  2. Export or ingest findings into DefectDojo using the dojo/tools/awssecurityhub/inspector.py parser.
  3. Review the imported findings in DefectDojo.
  4. Observe that CVSS v3 score, CVSS v4 score, and severity description fields are missing or not populated.

Expected behavior

The dojo/tools/awssecurityhub/inspector.py parser should correctly parse and populate the following fields when present in the AWS Security Hub / Inspector findings:

  • CVSS v3 Score
  • CVSS v4 Score
  • Severity description

These values should be visible and usable within DefectDojo findings for accurate risk assessment and prioritisation.


Deployment method (select with an X)

  • Docker Compose
  • Kubernetes
  • GoDojo

Environment information

  • Operating System: Ubuntu 22.04
  • Docker Compose or Helm version: docker compose v2.x
  • DefectDojo version (see footer) or commit message: Please fill in exact version/commit

Logs

No parser errors are observed in the logs. Findings are imported successfully, but the above fields are not mapped or displayed.


Sample scan files

Can be provided upon request (AWS Security Hub Inspector finding JSON).


Screenshots

N/A


Additional context (optional)

AWS Security Hub and Inspector now provide richer vulnerability metadata, including CVSS v4 scores. Supporting these fields in the parser would improve accuracy, reporting, and alignment with AWS-native severity assessments.
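As an added illustration of the mapping this report asks for (example code, not DefectDojo's dojo/tools/awssecurityhub/inspector.py), the functions below pull CVSS v3 and v4 base scores and a severity justification out of an ASFF-style Inspector finding. The `Vulnerabilities[].Cvss[]` entries (`Version`, `BaseScore`, `Source`) and `Severity.Label` / `Severity.Original` are ASFF fields; the sample finding is constructed, and how the justification string is worded is this example's own assumption.

```python
# Added example, not DefectDojo's inspector.py: CVSS v3/v4 scores and a severity
# justification from an ASFF-style Inspector finding. Vulnerabilities[].Cvss[]
# (Version/BaseScore/Source) and Severity.Label/Original are ASFF fields; the
# justification wording is this example's own choice.
from typing import Optional

def cvss_score(finding: dict, major: str) -> Optional[float]:
    """Highest CVSS base score whose Version has the given major ('3' or '4')."""
    scores = []
    for vuln in finding.get("Vulnerabilities") or []:
        for cvss in vuln.get("Cvss") or []:
            version = str(cvss.get("Version", ""))
            score = cvss.get("BaseScore")
            if version.split(".")[0] == major and isinstance(score, (int, float)):
                scores.append(float(score))
    return max(scores) if scores else None

def severity_justification(finding: dict) -> str:
    """Explain where the severity came from: ASFF label, original value, CVSS entries."""
    severity = finding.get("Severity") or {}
    parts = []
    if severity.get("Label"):
        parts.append(f"Security Hub severity label: {severity['Label']}")
    if severity.get("Original"):
        parts.append(f"Inspector original severity: {severity['Original']}")
    for vuln in finding.get("Vulnerabilities") or []:
        for cvss in vuln.get("Cvss") or []:
            if cvss.get("BaseScore") is None:
                continue  # an entry without a score cannot justify anything
            parts.append(f"CVSS {cvss.get('Version', '?')} base score "
                         f"{cvss['BaseScore']} from {cvss.get('Source', 'unknown source')}")
    return "; ".join(parts) if parts else "No severity justification in finding"

def enrich(finding: dict) -> dict:
    """The three fields the report asks the parser to populate."""
    return {
        "cvssv3_score": cvss_score(finding, "3"),
        "cvssv4_score": cvss_score(finding, "4"),
        "severity_justification": severity_justification(finding),
    }

# Constructed sample finding (trimmed ASFF shape, not a real AWS export).
SAMPLE_FINDING = {
    "Severity": {"Label": "HIGH", "Original": "HIGH"},
    "Vulnerabilities": [{"Cvss": [
        {"Version": "3.1", "BaseScore": 7.5, "Source": "NVD"},
        {"Version": "4.0", "BaseScore": 8.2, "Source": "NVD"},
    ]}],
}
```

Findings with several CVSS entries of the same major version keep the highest score, and a finding without any `Cvss` data yields `None` rather than a parser error, which matches the "no parser errors" behaviour described in the logs section.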

