-
Export the results of the vulnerabilities triage and processing as CycloneDX VEX document
-
**What would you like to be added**:
It would be good to add the `pkg.Source.Name` and `pkg.Source.Digest` information to the matchable product identifiers when using VEX documents to filter out vu…
-
## WHAT
As part of #95 we have now setup `govulncheck` to run on each PR and periodically on master + stable release branches as part of `verify` jobs.
`govulncheck` has now added support for ope…
-
Export the results of the vulnerabilities triage and processing as CSAF VEX document
-
- I ran the red hat sbom importers + the csaf importers for at least 5 minutes
- The I hit `GET /api/v1/package/b11f922a-6ab3-553f-b703-6fc65d0f1fe9` which corresponds to the package whose purl is `p…
-
Please upload images and descriptions, as technical as possible of failures and successes.
Feel free to look through this log to learn from other mistakes and successes.
-
**What happened**:
When following the example [here](https://github.com/anchore/grype?tab=readme-ov-file#vex-support) using the vex document specified, the vulnerability is rendered in the outputte…
-
Red Had intend to publish new advisories in new format, Vulnerability Exploitability eXchange (VEX), instead of OVAL.
https://www.redhat.com/en/blog/vulnerability-exploitability-exchange-vex-beta-fil…
-
Hello!
Your Vexed app version `1.0.1` fails to build with the SDK version `0.103.0-rc f7`. Please update the app in your repository and create a new pull request to the catalog repository with the up…
-
## Description
I would like to open a discussion regarding the file path convention for storing OpenVEX files within a Git repository. In the example of [Cilium](https://github.com/cilium/cilium/blob…