-
# OPEV # 0015: Expansion of the Vulnerability Field
## 🖊️ Enhancement Overview
During the development of the initial implementations, there have been issues raised about the need to expa…
-
As I started to play with `vexctl` - the `vexctl` references a `vexctl show` command for both status and justification as a potential helper command for the users.
[vexctl show statuses](https://g…
-
(split out from #10)
See https://github.com/openvex/spec/issues/10#issuecomment-1416780433
> Currently the spec reads:
>
> > The use of [Package URLs](https://github.com/package-url/purl-spec…
-
**Version:** v0.2.0
When using either `--author` or `--author-role` flags to the `vexctl create` command, the values are not passed into the final document:
```sh
vexctl create --author foo --a…
-
**Version:** v0.2.0
If I pass the `--subcomponents` flag with a value while the `--products` flag is present with a value, the output document uses the value of the `--subcomponents` flag in the `p…
-
in-toto tracks adoptions / integrations on this repo: https://github.com/in-toto/friends. It'd be neat to have someone from this community submit a short description and some pointers to the spec, too…
-
See Issue https://github.com/openvex/spec/issues/24 for context
The OpenVEX spec has the option to add `impact_statement` but this is not exposed in `vexctl create`. I currently have to add it outs…
-
- [ ] [dependency-labeler](https://github.com/vmware-archive/dependency-labeler) archived
- [ ] [Kubestroyer](https://github.com/Rolix44/Kubestroyer)
- [ ] [kdigger](https://github.com/quarkslab/kdi…
-
Currently there is no way to specify the current version of spec/schema used. Given that we most likely will have iterations and newer versions, we should encode it so that tooling can use it in the a…
-
Compiled Go binaries should be made available for at least a minimal set of platforms for each tagged release obviating the need for `go install`.