Overview
Request 1225194 accepted
New package vexctl version 0.3.0 is a CLI tool to create, apply, and attest VEX (Vulnerability Exploitability eXchange) data. Its purpose is to help with the creation and management of VEX documents that allow "turning off" security scanner alerts of vulnerabilities known not to affect a product.
VEX can be thought of as a "negative security advisory". Using VEX, software authors can communicate to their users that an otherwise vulnerable component has no security implications for their product.
Request History
jfkw created request
New package vexctl version 0.3.0 is a CLI tool to create, apply, and attest VEX (Vulnerability Exploitability eXchange) data. Its purpose is to help with the creation and management of VEX documents that allow "turning off" security scanner alerts of vulnerabilities known not to affect a product.
VEX can be thought of as a "negative security advisory". Using VEX, software authors can communicate to their users that an otherwise vulnerable component has no security implications for their product.
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
staging-bot added openSUSE:Factory:Staging:adi:8 as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:adi:8"
staging-bot accepted review
Picked "openSUSE:Factory:Staging:adi:8"
licensedigger accepted review
The legal review is accepted preliminary. The package may require actions later on.
dimstar accepted review
anag+factory accepted review
Staging Project openSUSE:Factory:Staging:adi:8 got accepted.
anag+factory approved review
Staging Project openSUSE:Factory:Staging:adi:8 got accepted.
anag+factory accepted request
Staging Project openSUSE:Factory:Staging:adi:8 got accepted.
