DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

No way to export a self-describing VEX document. #4397

Open ad8-adriant opened 1 week ago

ad8-adriant commented 1 week ago

Current Behavior

(Apologies if this is a duplicate; there are related issues regarding VEX handling but nothing I found seemed to capture the essence of this problem.)

What I would like to do is export a single, self-describing/self-contained VEX document that I could distribute to external parties.

Right now, the options available are:

Proposed Behavior

Ideally there would be a way to export the components, vulnerabilities, and analyses for a project as a single CDX document.

Checklist
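An added example, not part of the issue and not Dependency-Track code: one way a recipient could check that a CycloneDX JSON document is self-contained in the sense requested above, meaning every vulnerability carries an analysis state and every `affects` reference resolves to a component in the same file. The sample document, its identifiers and the function names `collect_refs` and `audit` are constructed for illustration.

```python
import json

# Constructed sample (not from the issue): a CycloneDX JSON document that
# carries components, vulnerabilities and analyses together.
SAMPLE = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
 "components": [
   {"type": "library", "bom-ref": "pkg-a", "name": "lib-a", "version": "1.0.0",
    "components": [
      {"type": "library", "bom-ref": "pkg-b", "name": "lib-b", "version": "2.1.0"}]}
 ],
 "vulnerabilities": [
   {"id": "EXAMPLE-0001", "analysis": {"state": "not_affected"},
    "affects": [{"ref": "pkg-b"}]},
   {"id": "EXAMPLE-0002",
    "affects": [{"ref": "urn:cdx:00000000-0000-0000-0000-000000000000/1#pkg-z"}]}
 ]}
""")

def collect_refs(doc):
    """Return every bom-ref declared in the document, including nested components."""
    refs = set()
    root = doc.get("metadata", {}).get("component")  # the described project, if present
    stack = list(doc.get("components", [])) + ([root] if root else [])
    while stack:
        comp = stack.pop()
        if "bom-ref" in comp:
            refs.add(comp["bom-ref"])
        stack.extend(comp.get("components", []))
    return refs

def audit(doc):
    """List (vulnerability id, reason) pairs that stop the file standing on its own."""
    known = collect_refs(doc)
    findings = []
    for vuln in doc.get("vulnerabilities", []):
        vid = vuln.get("id", "<no id>")
        if not vuln.get("analysis", {}).get("state"):
            findings.append((vid, "no analysis state"))
        for target in vuln.get("affects", []):
            ref = target.get("ref", "")
            if ref not in known:
                # A urn:cdx: BOM-Link points into a different BOM file.
                kind = "external BOM-Link" if ref.startswith("urn:cdx:") else "unresolved ref"
                findings.append((vid, f"{kind}: {ref}"))
    return findings

if __name__ == "__main__":
    for vid, reason in audit(SAMPLE):
        print(f"{vid}: {reason}")
```

An empty result from `audit` means the recipient can interpret every analysis without a second file.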