issues Search Results · repo:openvex/vexctl language:Go
Filter by
25 results
(113 ms)25 results
inopenvex/vexctl (press backspace or delete to remove)Would it be possible, please, to cut a new tag release? A lot of nice improvements were merged to main since v0.2.6 was
released in Dec 2023 - https://github.com/openvex/vexctl/compare/v0.2.6...main. Thanks! ...
macedogm
- 4
- Opened on Sep 9, 2024
- #244
The vexctl create --help gives this example
vexctl create --product= pkg:apk/wolfi/git@2.39.0-r1?arch=x86_64 \
--product= pkg:apk/wolfi/git@2.39.0-r1?arch=armv7 \
--vuln= ...
zmanion
- Opened on Aug 16, 2024
- #241
When vexctl merges documents that have the same CVE ID, even if the affected products/subcomponents are the same, the
new document will contain one statement for each CVE ID merged. For example, suppose ...
- 1
- Opened on Jul 12, 2024
- #226
Is there a way, please, to add a vulnerability that has multiple aliases with vexctl add, for example:
{
vulnerability : {
@id : https://pkg.go.dev/vuln/GO-2022-0646 ,
...
- 3
- Opened on Jul 9, 2024
- #219
Since v0.2.5 multiple products specified in the --product flag are not respected, only the last entry is included in the
generated document.
Input:
./vexctl create \
--product= pkg:apk/wolfi/git@2.39.0-r1?arch=x86_64 ...
felipecruz91
- 1
- Opened on Jul 8, 2024
- #215
Lets consider a CVE c that impacts a product with version x. This CVE is fixed in product version y. According to
OpenVEX Specs, field Action_Statement under Statement can contain data for fixes/mitigations. ...
shanu-26
- Opened on Mar 28, 2024
- #170
Description
When calling vexctl attest --sign --attach report.vex.json, the attached attestation seemingly cannot be verified via
cosign verify-attestion.
Repro steps:
1. Create a sample report with ...
dhaus67
- 1
- Opened on Dec 5, 2023
- #143
When I am trying to attest image in a public repository it is resulting into an error ** has no digest** meanwhile we
are giving required digest in query. I am attaching image with the executed queries ...
anilMishra
- 3
- Opened on Nov 28, 2023
- #139
Hi, So I am using vexctl version v0.2.3
I am trying to get grype to ignore a cve (this is purely testing). However I can t get it to match. I ve noticed though
that the structure of the document vexctl ...
akcrisp
- 4
- Opened on Nov 7, 2023
- #134
Docker builds are storing SBOMs and Attestations in a image manifest as described here in OCI spec . I wonder if we can
store the VEX documents in the same manifest as new layers. Doing this can allow ...
RealHarshThakur
- 6
- Opened on Sep 29, 2023
- #124
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip!
Restrict your search to the title by using the in:title qualifier.Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip!
Restrict your search to the title by using the in:title qualifier.