Overview Repositories Revisions Requests Users Attributes Meta

vexctl

Edit Package vexctl
https://github.com/openvex/vexctl

vexctl is a CLI tool to create, apply, and attest VEX (Vulnerability Exploitability eXchange) data. Its purpose is to help with the creation and management of VEX documents that allow "turning off" security scanner alerts of vulnerabilities known not to affect a product.

VEX can be thought of as a "negative security advisory". Using VEX, software authors can communicate to their users that an otherwise vulnerable component has no security implications for their product.

  • Developed at devel:languages:go
  • Sources inherited from project openSUSE:Factory
  • Download package
  • osc -A https://api.opensuse.org checkout openSUSE:Factory:Rebuild/vexctl && cd $_
  • Create Badge
Refresh
Refresh
Source Files
Filename Size Changed
_service 0000000667 667 Bytes
_servicedata 0000000235 235 Bytes
vendor.tar.gz 0011870657 11.3 MB
vexctl-0.3.0.tar.gz 0000226241 221 KB
vexctl.changes 0000013467 13.2 KB
vexctl.spec 0000001861 1.82 KB
Latest Revision
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1225194 from Jeff Kowalczyk's avatar Jeff Kowalczyk (jfkw) (revision 1) 
New package vexctl version 0.3.0 is a CLI tool to create, apply, and attest VEX (Vulnerability Exploitability eXchange) data. Its purpose is to help with the creation and management of VEX documents that allow "turning off" security scanner alerts of vulnerabilities known not to affect a product.

VEX can be thought of as a "negative security advisory". Using VEX, software authors can communicate to their users that an otherwise vulnerable component has no security implications for their product.
Comments 0
openSUSE Build Service is sponsored by
Places