search

openvex / vexctl

A tool to create, transform and attest VEX metadata
Apache License 2.0
103 stars 22 forks source link

Merged documents are missing some data #3

Closed puerco closed 1 year ago

puerco commented 1 year ago

Some data is missing in the resulting document when merging, probably a result of the latest updates to the vex type. Here is a sample resulting from the merge of the testdata examples:

{
  "@context": "",
  "@id": "merged-vex-67124ea942ef30e1f42f3f2bf405fbbc4f5a56e6e87684fc5cd957212fa3e025",
  "author": "Unknown Author",
  "role": "Document Creator",
  "timestamp": "2023-01-10T21:10:21.435326871-06:00",
  "version": "",
  "statements": [
    {
      "vulnerability": "CVE-1234-5678",
      "timestamp": "2022-12-22T16:36:43-05:00",
      "products": [
        "pkg:apk/wolfi/bash@1.0.0"
      ],
      "status": "under_investigation"
    },
    {
      "vulnerability": "CVE-1234-5678",
      "timestamp": "2022-12-22T20:56:05-05:00",
      "products": [
        "pkg:apk/wolfi/bash@1.0.0"
      ],
      "status": "affected"
    }
  ]
}
puerco commented 1 year ago

This is fixed by https://github.com/openvex/vexctl/pull/16