v0.5.1

Changed

• Container image strips the pip package code and pip CLI binaries
  from the runtime venv but keeps pip's .dist-info metadata. 0.4.1
  stripped all of it to silence Docker Scout alerts on unreachable pip
  CVEs, but deleting the .dist-info also removed the signal SCA
  scanners use to identify pip — making the image appear vuln-free by
  metadata deletion rather than by code removal. Keeping the metadata
  while dropping the code gives honest reporting: scanners still see
  pip and flag CVE-2025-8869 / CVE-2026-1703, and the code that would
  host those CVEs is gone from the runtime layer. The CVEs also remain
  unreachable by execution path — distroless base, no shell, entrypoint
  is /venv/bin/compose-lint. The activate* shell-script stripping
  from 0.4.1 stays.

Added

• OpenVEX document (.vex/compose-lint.openvex.json) published as a
  release asset alongside the SBOM, Sigstore bundles, and SLSA
  provenance, and attached to the container image manifest as a
  cosign in-toto attestation (predicate type openvex). Declares the
  known pip CVEs (CVE-2025-8869, CVE-2026-1703) as not_affected
  against the container image with justification
  vulnerable_code_not_present. Scanners invoked with --vex on the
  release asset, or attestation-aware scanners (Docker Scout; Trivy /
  Grype in attestation-discovery modes), render those CVEs as
  non-exploitable rather than either hiding pip or flagging reachable
  risk. New pip CVEs get added to the VEX when verified as covered by
  the same mitigation; CVEs in any actually-reachable code path do
  not.