-
Notifications
You must be signed in to change notification settings - Fork 4.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #17809 from acumino/init-VEX-feed
Initialize the VEX feed
- Loading branch information
Showing
2 changed files
with
35 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# OpenVEX Templates Directory | ||
|
||
This directory contains the OpenVEX data for this repository. | ||
The files stored in this directory are used as templates by | ||
`vexctl generate` when generating VEX data for a release or | ||
a specific artifact. | ||
|
||
To add new statements to publish data about a vulnerability, | ||
download [vexctl](https://github.com/openvex/vexctl) | ||
and append new statements using `vexctl add`. For example: | ||
``` | ||
vexctl add --in-place main.openvex.json pkg:oci/test CVE-2014-1234567 fixed | ||
``` | ||
That will add a new VEX statement expressing that the impact of | ||
CVE-2014-1234567 is under investigation in the test image. When | ||
cutting a new release, for `pkg:oci/test` the new file will be | ||
incorporated to the relase's VEX data. | ||
|
||
## Read more about OpenVEX | ||
|
||
To know more about generating, publishing and using VEX data | ||
in your project, please check out the vexctl repository and | ||
documentation: https://github.com/openvex/vexctl | ||
|
||
OpenVEX also has an examples repository with samples and docs: | ||
https://github.com/openvex/examples | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
{ | ||
"@context": "https://openvex.dev/ns/v0.2.0", | ||
"@id": "https://openvex.dev/docs/public/vex-081fa16bd7164a81aa33b8897afd8efb325c037636e2709ed5fdd145eacedcf5", | ||
"author": "vexctl (automated template)", | ||
"timestamp": "2023-12-15T23:43:21.490011+05:30", | ||
"version": 1, | ||
"statements": [] | ||
} |