At Chainguard we are starting to run tests issuing VEX for Wolfi, our Linux distro. We are generating documents in a simplified VEX format which we also embed in in-toto attestations. We are proposing this format to the VEX working group and have been trying to capture the latest data model.
The use case we have in mind right now is just generating VEX statements from:
- The ignore files provided by the user.
- Automated call graph analysis on vulnerable functions.
If possible we'd certainly like to re-use an existing VEX structure for this. Very happy to chat more here about this or other potential areas of collaboration!
oliverchang added backlog (Important but currently unprioritized) and removed stale (The issue or PR is stale and pending automated closure) labels Jul 28, 2024
Automatically generate VEX statements based on call graph analysis or ignored vulnerabilities set in the scanner config.