-
On a [project](https://github.com/dtn7/dtn7-go) I am working on, I recently implemented the Free Software Foundation Europe's [REUSE](https://reuse.software/) ([repository](https://github.com/fsfe/reu…
-
The documentation isn't clear on this, so I'd like to ask what the _merge-vex_ command is for.
The documentation simply states:
> This command requires two input files, a SBOM and a VEX file that …
-
Currently, we first report x86 and then ARM vulnerabilities. The vulnerabilities are deduplicated, which means vulnerabilities in ARM images that are also present in x86 won't get reported twice. Bot…
-
Technically a CSAF Aggregator could mirror only a subset of the available CSAF documents for a provider. It may be confusing the users or problematic when used.
There seem to be potentially legitima…
-
- [x] Full Access to Repository (Admin Rights)
- [x] Outcome of #7 => Agree on input set for acceptance test
- [x] Test files to be uploaded to the testing branch (@tschmidtb51 / @mfd2007)
- [x] Co…
-
Introduce VEX Support to DejaCode
- enhance data model to support a Product VEX List
- provide Export capabilities to product VEX documents that comply with industry-recognized formats
Here are…
-
By potentially integrating with SBOMs and CSAF/VEX documents, OpenEoX enables organizations to incorporate end-of-life and end-of-support information into existing security and compliance workflows. T…
-
- https://repo.openeuler.org/security/data/cvrf/ (a cross-reference of CVEs exists) - CVRF parser exists but it's indeed XML ;-)
-
### What is the URL of the page with the issue?
https://pkg.go.dev/about#adding-a-package
### What is your user agent?
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)…
-
I would like to propose adding a signature / pubkey field to the csaf_2.0/json_schema to provide non-repudiation and some level of integrity verification of the claim.
This way it will allow assur…