search

chainguard-dev / vex

vexctl is a tool to attest VEX impact statements
Apache License 2.0
44 stars 12 forks source link

Update VEX struct to latest model #46

Closed puerco closed 1 year ago

puerco commented 1 year ago

This PR updates the VEX struct to add support for product details at the statement level plus other minor fields added to the minimum elements spec as of Dec 23. This PR has three parts:

1. Added missing fields to Statement

2. Removed product from the Document level.

The minimum requirements spec has it only at the statement.

3. Marked Vulnerability, Timestamp, and Product optional

Vulnerability, Timestamp, and Product in the Statement are now omitempty as they may be inherited from the document or encapsulating format.

/cc @luhring

Signed-off-by: Adolfo García Veytia (Puerco) puerco@chainguard.dev

puerco commented 1 year ago

Pushed another commit to remove the product from the document level as the Minimum Requirements spec moves it to the statement level.

puerco commented 1 year ago

And a final one: Vulnerability, Timestamp, and Product are now optional in the json statement struct as they may be inherited from the document or encapsulating format.