aboutcode-org / dejacode

Automate open source license compliance and ensure software supply chain integrity
https://dejacode.readthedocs.io
GNU Affero General Public License v3.0

CRAVEX: Export VEX document: CSAF #107

Open pombredanne opened 4 months ago

pombredanne commented 4 months ago

Export the results of the vulnerabilities triage and processing as a CSAF VEX document.

DennisClark commented 3 months ago

Looking for current example CSAF files with actual data and for a definitive version of the current specification.

Also, for reference see https://github.com/oasis-tcs/csaf and https://www.redhat.com/en/blog/common-security-advisory-framework-csaf-beta-files-now-available (2022-06-17).

DennisClark commented 3 months ago

Specific public examples of CSAF 2.0 documents from Schneider Electric can be found here: https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp

One example is attached.

sevd-2023-101-05.json