Closed brandtkeller closed 1 year ago
Thanks for reporting this @brandtkeller !
Yes I think that was the intent, just a helpful way to print the values for users writing their statements. They are constants defined already in the go-vex/vex package:
I'm starting work on other parts of the vexctl show
subcommand, if you want to help building this part you are more than welcome, if not I'll add these very soon :)
I just discovered this as well and found the show
subcommand to be missing.
It looks like the --author
flag to the create
command is not honored either.
$ vexctl create --author="Fred" --product="$VEX_PRODUCT" --vuln="$VEX_CVE" --status="$VEX_STATUS" --justification="$VEX_JUSTIFICATION"
{
"@context": "https://openvex.dev/ns",
"@id": "https://openvex.dev/docs/public/vex-391c7f7828a3c2b044da23d8d814db972fef87b38ebce0ceb77c9c523cd30025",
"author": "Unknown Author",
"role": "Document Creator",
"timestamp": "2023-07-16T08:46:25.325955149+02:00",
"version": "1",
"statements": [
{
"vulnerability": "CVE-2023-34362",
"products": [
"pkg:generic/test@5.7.0&checksum=sha256:de4d501267da"
],
"status": "not_affected",
"justification": "component_not_present"
}
]
}
GitVersion: v0.2.0
GitCommit: unknown
GitTreeState: unknown
BuildDate: unknown
GoVersion: go1.20.5
Compiler: gc
Platform: linux/amd64
@puerco, the show
command is still missing as of 0.2.3 which prevents users from running commands vexctl show statuses
and vexctl show justifications
as advertised in the help for vexctl create -h
.
This feature is now implemented as vevxctl list
, thanks for fixing it @brandtkeller!
As I started to play with
vexctl
- thevexctl
references avexctl show
command for both status and justification as a potential helper command for the users.vexctl show statuses
vexctl show justifications
Is the intent that there might be a helper command
show
that presents some static information? Both functions look to be listing a predetermined set of possible options after looking at openvex.Open to assisting here if interested.