vex

type CycloneDX ¶

type CycloneDX struct {
	// contains filtered or unexported fields
}

func (v *CycloneDX) Filter(vulns []types.DetectedVulnerability) []types.DetectedVulnerability

type OpenVEX ¶

type OpenVEX struct {
	// contains filtered or unexported fields
}

func (v *OpenVEX) Filter(vulns []types.DetectedVulnerability) []types.DetectedVulnerability

type Statement ¶

type Statement struct {
	VulnerabilityID string
	Affects         []string
	Status          Status
	Justification   string // TODO: define a type
}

type Status ¶

type Status string

const (
	StatusNotAffected        Status = "not_affected"
	StatusAffected           Status = "affected"
	StatusFixed              Status = "fixed"
	StatusUnderInvestigation Status = "under_investigation"
	StatusUnknown            Status = "unknown"
)

type VEX ¶

type VEX interface {
	Filter([]types.DetectedVulnerability) []types.DetectedVulnerability
}

VEX represents Vulnerability Exploitability eXchange. It abstracts multiple VEX formats. Note: This is in the experimental stage and does not yet support many specifications. The implementation may change significantly.

func New(filePath string, report types.Report) (VEX, error)