-
Part of https://github.com/python/cpython/issues/112302
**Is your feature request related to a problem? Please describe.**
CPython and its artifacts contain many dependencies which can have vuln…
-
In order to support exchanging information about known security vulnerabilities for a project
an _ORT_ reporter shall be implemented which creates a _VEX_ document according to the _Open VEX_ specifi…
-
Hello,
I have a few questions and requests for clarification regarding some fields in an OpenVEX document, given the spec provided:
- What should be the `@id` field in the document’s metadata? C…
-
The OpenVEX spec has a section [Updating Statements with Inherited Data](https://github.com/openvex/spec/blob/main/OPENVEX-SPEC.md#updating-statements-with-inherited-data). This contains two examples …
-
When a project generates a VEX feed for vulnerabilities that are not exploitable, SECURITY_INSIGHTS.yml is an ideal place to capture this information. The workaround is to add VEX statement informatio…
-
`vex.Parse` assumes the latest version.
https://github.com/openvex/go-vex/blob/eb8ba797f8bc61f5fe76f0ba37e1b3c51099b268/pkg/vex/functions_files.go#L33-L40
`vex.Open` autodetects the version.
https…
-
We need a process for a spec created in a Project to become a standard. We can build out what this looks like, but there should be a way for the TAC to be kept in the loop properly as specs go before any …
-
It is relevant to [this issue](https://github.com/openvex/spec/issues/16), but I'd ask about some more specific usage of [products](https://github.com/openvex/spec/blob/07cfbe5c4c371c3567d8a798f06d4b1…
-
Issue #16 is closed indicating that public/private registries are supported, but `project-copacetic/copa-action@main` fails to be able to pull from an ECR registry. I've logged into the registry ever…
-
During the VEX-WG call on Aug 14th 2003, we got a request to produce a list of use cases, similar to the list CycloneDX has here, to show how the same use cases are handled in OpenVEX:
https://g…