Open dr-housemd opened 4 months ago
Certain packages have CVEs whose score is higher than it needs to be or isn't a valid CVE for the package. Industry's effort to fix this is VEX documents. This will help eliminate false positives. Common ways VEX docs can be found are-
Certain packages have CVEs whose score is higher than it needs to be or isn't a valid CVE for the package. Industry's effort to fix this is VEX documents. This will help eliminate false positives. Common ways VEX docs can be found are-