-
**What happened**:
Using the `--fail-on` flag doesn't appear to take into account the contents of a VEX document that has been provided using the `--vex` flag - even if several CVEs have been marke…
-
* related: https://github.com/intel/cve-bin-tool/issues/2230
* expanding the idea from https://github.com/intel/cve-bin-tool/issues/2354
# cve-bin-tool: Integration of new formats into triage work…
-
## Overview
Kubescape calculates the relevancy of container image vulnerabilities by monitoring using eBPF the application behavior and produces a filtered list of vulnerabilities. Today the results …
-
## Release Checklist
- [x] [OWNERS](https://github.com/kubernetes-sigs/kueue/blob/main/OWNERS) must LGTM the release proposal.
At least two for minor or major releases. At least one for a patch …
-
more related to `release/publish` but not a blocker for addition ( at the same time not urgent ).
-
Update the Vex Schema to include Vex Version.
This issue is based on: https://github.com/guacsec/guac/pull/1241#discussion_r1322948966
The documentation of OpenVEX’s Version: https://github.com/…
-
### Current Behavior
I tried to import vex files both with API and Frontend (Tab Audit Vulnerabilities -> [Apply VEX] button)
It fails with the following warning for each vulnerability in the vex fi…
-
_Reopening https://github.com/openvex/spec/issues/42 over here as it's more appropriate._
The recent [v0.2.0 release](https://github.com/openvex/spec/releases/tag/v0.2.0) introduced new enhancement…
-
Is there currently a way for openvex to refer back to an SBOM? Right now it is common that you might refer to an openvex document from an SBOM, but does openvex support the inverse relationship?
-
So, for #2422 I had to update our triage and I feel like we could improve the process but we might need to think about how we want to do that. I know @anthonyharrison and @raboof have talked about th…