Add VEX Feed

2023-12-15 19:11:43 +00:00 · 2023-12-15 19:11:43 +00:00 · 7b0464edab
commit 7b0464edab
parent af06917dbb
2 changed files with 35 additions and 0 deletions
--- a/.openvex/templates/README.md
+++ b/.openvex/templates/README.md
@ -0,0 +1,27 @@
+# OpenVEX Templates Directory
+
+This directory contains the OpenVEX data for this repository.
+The files stored in this directory are used as templates by
+`vexctl generate` when generating VEX data for a release or 
+a specific artifact.
+
+To add new statements to publish data about a vulnerability,
+download [vexctl](https://github.com/openvex/vexctl)
+and append new statements using `vexctl add`. For example:
+```
+vexctl add --in-place main.openvex.json pkg:oci/test CVE-2014-1234567 fixed
+```
+That will add a new VEX statement expressing that the impact of
+CVE-2014-1234567 is under investigation in the test image. When
+cutting a new release, for `pkg:oci/test` the new file will be
+incorporated to the relase's VEX data.
+
+## Read more about OpenVEX
+
+To know more about generating, publishing and using VEX data
+in your project, please check out the vexctl repository and
+documentation: https://github.com/openvex/vexctl
+
+OpenVEX also has an examples repository with samples and docs:
+https://github.com/openvex/examples
+
--- a/.openvex/templates/main.openvex.json
+++ b/.openvex/templates/main.openvex.json
@ -0,0 +1,8 @@
+{
+  "@context": "https://openvex.dev/ns/v0.2.0",
+  "@id": "https://openvex.dev/docs/public/vex-6f9001fd8630edd2996df09f345882066d7b5bf512e54af918343d278640ecd0",
+  "author": "vexctl (automated template)",
+  "timestamp": "2023-12-15T19:10:43.910365Z",
+  "version": 1,
+  "statements": []
+}