From d00f59035498e9ac30b30822a8cbb5acc64e1993 Mon Sep 17 00:00:00 2001
From: Brad Jones <brad@bradjonesllc.com>
Date: Tue, 19 Mar 2024 09:24:10 -0600
Subject: [PATCH] Surface the advisory ID when CVE not present. (#11892)

---
 src/Composer/Advisory/Auditor.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/Composer/Advisory/Auditor.php b/src/Composer/Advisory/Auditor.php
index f0dc76ae5..38d827dfe 100644
--- a/src/Composer/Advisory/Auditor.php
+++ b/src/Composer/Advisory/Auditor.php
@@ -264,6 +264,10 @@ class Auditor
                     $advisory->affectedVersions->getPrettyString(),
                     $advisory->reportedAt->format(DATE_ATOM),
                 ];
+                if ($advisory->cve === null) {
+                    $headers[] = 'Advisory ID';
+                    $row[] = $advisory->advisoryId;
+                }
                 if ($advisory instanceof IgnoredSecurityAdvisory) {
                     $headers[] = 'Ignore reason';
                     $row[] = $advisory->ignoreReason ?? 'None specified';
@@ -294,6 +298,9 @@ class Auditor
                 $error[] = "Package: ".$advisory->packageName;
                 $error[] = "Severity: ".$this->getSeverity($advisory);
                 $error[] = "CVE: ".$this->getCVE($advisory);
+                if ($advisory->cve === null) {
+                    $error[] = "Advisory ID: ".$advisory->advisoryId;
+                }
                 $error[] = "Title: ".OutputFormatter::escape($advisory->title);
                 $error[] = "URL: ".$this->getURL($advisory);
                 $error[] = "Affected versions: ".OutputFormatter::escape($advisory->affectedVersions->getPrettyString());