Closed terriko closed 1 month ago
@terriko looks good, but i think there might have been some misunderstanding currently the cpe is not used in the vex but probably is a 1-2 line addition should bring that since we already have decode_cpe function present.
Also now I look at the original PR the support for the cpe in the sbom parser rather than vex, i need to look into if we can support cpe for vex and where should the identifier go and will be scanned from.
So sounds like this documentation attempt as written is not true and should not be merged, but we should update the sbom docs instead? I"ll leave this open so I don't forget but close it once I've got attempt number 2 going.
Closing because I'm moving this to "future" so I can think about what needs writing better.
Pinging @mastersans to make sure this is actually correct.