From 36ff4ddf111a59942747f45d322488b9f5928c3a Mon Sep 17 00:00:00 2001
From: Cassidy Diamond <cassidy.diamond@bugcrowd.com>
Date: Fri, 20 Mar 2026 09:45:05 -0400
Subject: [PATCH] [VW-0] allow `null` for nullable fields on vulnerability
 input

---
 src/features/vulnerabilities/types.ts | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/features/vulnerabilities/types.ts b/src/features/vulnerabilities/types.ts
index 2bd3fd62..f1ce3837 100644
--- a/src/features/vulnerabilities/types.ts
+++ b/src/features/vulnerabilities/types.ts
@@ -26,17 +26,17 @@ const severitySchema = z.enum(Object.values(Severity));
 export const vulnerabilityInputSchema = z.object({
   cpes: z.array(cpeSchema).min(1, "At least one CPE is required"),
   sarif: z.any(), // JSON data - Prisma JsonValue type
-  cveId: z.string().min(1).optional(),
-  description: z.string().min(1).optional(),
-  narrative: z.string().min(1).optional(),
-  impact: z.string().min(1).optional(),
+  cveId: z.string().min(1).nullish(),
+  description: z.string().min(1).nullish(),
+  narrative: z.string().min(1).nullish(),
+  impact: z.string().min(1).nullish(),
   severity: severitySchema.optional(),
-  cvssScore: z.number().min(0).max(10).optional(),
-  cvssVector: z.string().min(1).optional(),
+  cvssScore: z.number().min(0).max(10).nullish(),
+  cvssVector: z.string().min(1).nullish(),
   affectedComponents: z.array(z.string().min(1)).optional(),
-  exploitUri: safeUrlSchema.optional(),
-  upstreamApi: safeUrlSchema.optional(),
-  deviceArtifactId: z.string().min(1).optional(),
+  exploitUri: safeUrlSchema.nullish(),
+  upstreamApi: safeUrlSchema.nullish(),
+  deviceArtifactId: z.string().min(1).nullish(),
 });
 
 export const vulnerabilityArrayInputSchema = z.object({