Add support for VEX

Open ziadhany opened this issue 1 year ago • 5 comments

[Attached images: image, Screenshot from 2024-04-29 20-46-55, Screenshot from 2024-05-04 23-16-35]

ziadhany avatar Apr 09 '24 15:04 ziadhany

@tdruez @DennisClark I'm finalizing the VCIO to CycloneDX vulnerability mapping (references, ratings, packages). If you have any feedback, please let me know.

ziadhany avatar Apr 29 '24 21:04 ziadhany

@ziadhany the screen shots look nice. Do you have an example of the VEX document that you can attach for me to review? Thanks.

DennisClark avatar Apr 30 '24 15:04 DennisClark

@ziadhany Please see if you can support CycloneDX spec 1.4, 1.5, and 1.6 for the VEX.

DennisClark avatar Apr 30 '24 16:04 DennisClark

> @ziadhany the screen shots look nice. Do you have an example of the VEX document that you can attach for me to review? Thanks.

dejacode_nexB_product_vex(7).json

ziadhany avatar Apr 30 '24 16:04 ziadhany

@ziadhany As we agreed in our VCIO meeting, please use the Package URL (PURL) as the bom_ref. Thanks.

DennisClark avatar May 07 '24 16:05 DennisClark

Implemented in https://github.com/aboutcode-org/dejacode/pull/187 @ziadhany Thanks for bootstrapping this.

Closing.

tdruez avatar Dec 02 '24 13:12 tdruez