commit

src/StellaOps.Feedser.Source.Ghsa/Internal/GhsaMapper.cs

@@ -57,7 +57,19 @@ internal static class GhsaMapper
         var weaknesses = CreateWeaknesses(dto.Cwes, recordedAt);
         var cvssMetrics = CreateCvssMetrics(dto.Cvss, recordedAt, out var cvssSeverity, out var canonicalMetricId);
 
-        var severity = SeverityNormalization.Normalize(dto.Severity) ?? cvssSeverity;
+        var severityHint = SeverityNormalization.Normalize(dto.Severity);
+        var cvssSeverityHint = SeverityNormalization.Normalize(dto.Cvss?.Severity);
+        var severity = severityHint ?? cvssSeverity ?? cvssSeverityHint;
+
+        if (canonicalMetricId is null)
+        {
+            var fallbackSeverity = severityHint ?? cvssSeverityHint ?? cvssSeverity;
+            if (!string.IsNullOrWhiteSpace(fallbackSeverity))
+            {
+                canonicalMetricId = BuildSeverityCanonicalMetricId(fallbackSeverity);
+            }
+        }
+
         var summary = dto.Summary ?? dto.Description;
         var description = Validation.TrimToNull(dto.Description);
 
@@ -81,6 +93,9 @@ internal static class GhsaMapper
             canonicalMetricId: canonicalMetricId);
     }
 
+    private static string BuildSeverityCanonicalMetricId(string severity)
+        => $"{GhsaConnectorPlugin.SourceName}:severity/{severity}";
+
     private static AdvisoryReference? CreateReference(GhsaReferenceDto reference, DateTimeOffset recordedAt)
     {
         if (string.IsNullOrWhiteSpace(reference.Url) || !Validation.LooksLikeHttpUrl(reference.Url))