diff --git a/.openvex/templates/README.md b/.openvex/templates/README.md new file mode 100644 index 000000000000..d724e1d0e7eb --- /dev/null +++ b/.openvex/templates/README.md @@ -0,0 +1,27 @@ +# OpenVEX Templates Directory + +This directory contains the OpenVEX data for this repository. +The files stored in this directory are used as templates by +`vexctl generate` when generating VEX data for a release or +a specific artifact. + +To add new statements to publish data about a vulnerability, +download [vexctl](https://github.com/openvex/vexctl) +and append new statements using `vexctl add`. For example: +``` +vexctl add --in-place main.openvex.json pkg:oci/test CVE-2014-1234567 fixed +``` +That will add a new VEX statement expressing that the impact of +CVE-2014-1234567 is under investigation in the test image. When +cutting a new release, for `pkg:oci/test` the new file will be +incorporated to the relase's VEX data. + +## Read more about OpenVEX + +To know more about generating, publishing and using VEX data +in your project, please check out the vexctl repository and +documentation: https://github.com/openvex/vexctl + +OpenVEX also has an examples repository with samples and docs: +https://github.com/openvex/examples + diff --git a/.openvex/templates/main.openvex.json b/.openvex/templates/main.openvex.json new file mode 100644 index 000000000000..2f9b8d2fdce0 --- /dev/null +++ b/.openvex/templates/main.openvex.json @@ -0,0 +1,8 @@ +{ + "@context": "https://openvex.dev/ns/v0.2.0", + "@id": "https://openvex.dev/docs/public/vex-081fa16bd7164a81aa33b8897afd8efb325c037636e2709ed5fdd145eacedcf5", + "author": "vexctl (automated template)", + "timestamp": "2023-12-15T23:43:21.490011+05:30", + "version": 1, + "statements": [] +}