Generating VEX statements #19
Comments
At Chainguard we are starting to run tests issuing VEX for Wolfi, our Linux distro. We are generating documents in a simplified VEX format which we also embed in in-toto attestations. We are proposing this format to the VEX working group and have been trying to capture the latest data model. Here is the VEX structure and type we are using: https://github.com/chainguard-dev/vex/blob/main/pkg/vex/vex.go We would love to collaborate and learn more about your VEX use case!
Hey @puerco! Thanks for reaching out! The use case we have in mind right now is just generating VEX statements from:
If possible we'd certainly like to re-use an existing VEX structure for this. Very happy to chat more here about this or other potential areas of collaboration! CC @lumjjb
Automatically generate VEX statements based on call graph analysis or ignored vulnerabilities set in the scanner config.