# VEX2DOC
VEX2DOC documents and summarises the components within a VEX (Vulnerability Exploitability eXchange) document. VEX documents are supported in a number of formats, including
CSAF, [CycloneDX](https://www.cyclonedx.org), OpenVEX and [SPDX](https://www.spdx.org).
## Installation
To install use the following command:
`pip install vex2doc`
Alternatively, just clone the repo and install dependencies using the following command:
`pip install -U -r requirements.txt`
The tool requires Python 3 (3.8+). It is recommended to use a virtual Python environment, especially
if you are using different versions of Python. `virtualenv` is a tool for setting up virtual Python environments, which
allows you to have all the dependencies for the tool set up in a single environment, or to have different environments set
up for testing using different versions of Python.
## Usage
```
usage: vex2doc [-h] [-i INPUT_FILE] [--debug] [-f {console,excel,html,json,markdown,pdf}] [-o OUTPUT_FILE] [-V]

VEX2doc generates documentation for a VEX artefact.

options:
  -h, --help            show this help message and exit
  -V, --version         show program's version number and exit

Input:
  -i INPUT_FILE, --input-file INPUT_FILE
                        Name of VEX file

Output:
  --debug               add debug information
  -f {console,excel,html,json,markdown,pdf}, --format {console,excel,html,json,markdown,pdf}
                        Output format (default: output to console)
  -o OUTPUT_FILE, --output-file OUTPUT_FILE
                        output filename (default: output to stdout)
```
## Operation
The `--input-file` option is used to specify the VEX to be processed. The type of VEX file is automatically determined by checking for content in the following order:
- CSAF
- CycloneDX
- OpenVEX
- SPDX
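
Content-based detection in the order listed above can be sketched as follows. This is an added example, not vex2doc's own code: the per-format markers (`document.csaf_version`, `bomFormat`, the OpenVEX `@context` prefix, `spdxVersion` for SPDX 2.x JSON) are assumptions taken from each format's JSON layout, and the sample documents are constructed.

```python
import json

# Marker checks, tried in the order the README lists. The markers are
# assumptions based on each format's JSON layout, not vex2doc internals.
def _is_csaf(doc):
    header = doc.get("document")
    return isinstance(header, dict) and "csaf_version" in header

def _is_cyclonedx(doc):
    return doc.get("bomFormat") == "CycloneDX"

def _is_openvex(doc):
    return str(doc.get("@context", "")).startswith("https://openvex.dev/ns")

def _is_spdx(doc):
    return "spdxVersion" in doc  # SPDX 2.x JSON only

CHECKS = [
    ("csaf", _is_csaf),
    ("cyclonedx", _is_cyclonedx),
    ("openvex", _is_openvex),
    ("spdx", _is_spdx),
]

def detect_vex_format(text):
    """Return the first matching format name; raise ValueError otherwise."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from exc
    if not isinstance(doc, dict):
        raise ValueError("top-level JSON value is not an object")
    for name, check in CHECKS:
        if check(doc):
            return name
    # Fail closed: an unrecognised document is rejected, not guessed at.
    raise ValueError("no known VEX format marker found")

# Constructed minimal samples, one per format, plus an ambiguous document
# that carries two markers to show that the check order decides the result.
SAMPLES = {
    "csaf": '{"document": {"csaf_version": "2.0", "category": "csaf_vex"}}',
    "cyclonedx": '{"bomFormat": "CycloneDX", "specVersion": "1.6"}',
    "openvex": '{"@context": "https://openvex.dev/ns/v0.2.0", "statements": []}',
    "spdx": '{"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT"}',
    "ambiguous": '{"bomFormat": "CycloneDX", "document": {"csaf_version": "2.0"}}',
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(label, "->", detect_vex_format(text))
```

Because the first match wins, a file that carries markers for two formats is reported as the earlier one in the list, which is worth knowing when a pipeline accepts VEX files from outside parties.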
The `--output-file` option is used to control the destination of the output generated by the tool. The
default is to report to the console, but it can also be stored in a file (specified using `--output-file` option).
Selecting the `html` format option will create an HTML body document which uses the [Bootstrap](https://getbootstrap.com/) framework.
The `--include-license` option is used to indicate if the text for the licenses is to be included in the output.
## Example
Given the following VEX (acme.json) in CycloneDX format
```json
{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:9f41c36d-ce5c-4a94-b25c-229d66d55bf5",
  "version": 2,
  "metadata": {
    "timestamp": "2024-07-29T22:34:03Z",
    "tools": {
      "components": [
        {
          "name": "lib4vex",
          "version": "0.2.0",
          "type": "application"
        }
      ]
    },
    "authors": [
      {
        "name": "Fred Flintstone",
        "email": "fredflintstone@acme.com"
      }
    ],
    "properties": [
      {
        "name": "Revision_1",
        "value": "Initial version"
      },
      {
        "name": "Revision_2",
        "value": "Product Review initiated."
      }
    ],
    "component": {
      "type": "application",
      "supplier": {
        "name": "APH_Division"
      },
      "version": "1.0",
      "bom-ref": "CDXRef-DOCUMENT",
      "name": "ACME-Infusion"
    }
  },
  "vulnerabilities": [
    {
      "bom-ref": "pyyaml@6.0.1",
      "id": "CVE-2023-12345",
      "source": {
        "name": "NVD",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-12345"
      },
      "published": "2024-07-29T22:34:03Z",
      "updated": "2024-07-29T22:34:03Z",
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable"
      },
      "affects": [
        {
          "ref": "urn:cdx:b355491d-a6e7-499e-a273-071b2ef3d086/1#pyyaml-6.0.1",
          "versions": {
            "version": "6.0.1",
            "status": "unaffected"
          }
        }
      ]
    },
    {
      "bom-ref": "pkg:pypi/defusedxml@0.7.1",
      "id": "CVE-2024-1234",
      "source": {
        "name": "NVD",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1234"
      },
      "published": "2024-07-29T18:22:43Z",
      "updated": "2024-07-29T22:34:03Z",
      "analysis": {
        "state": "in_triage"
      },
      "affects": [
        {
          "ref": "urn:cdx:b355491d-a6e7-499e-a273-071b2ef3d086/1#pkg:pypi/defusedxml@0.7.1"
        }
      ]
    }
  ]
}
```
The following command will generate a summary of the contents of the VEX to the console.
```bash
vex2doc --input-file acme.json
╭─────────────╮
│ VEX Summary │
╰─────────────╯
┏━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Item ┃ Details ┃
┡━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ VEX File │ acme.json │
│ VEX Type │ cyclonedx │
│ Version │ 1.6 │
│ Type │ cyclonedx │
│ Uuid │ urn:uuid:9f41c36d-ce5c-4a94-b25c-229d66d55bf5 │
│ Bom_version │ 2 │
│ Created │ 2024-07-29T22:34:03Z │
│ Creator │ [['tool', 'lib4vex#0.2.0'], ['person', 'Fred Flintstone#fredflintstone@acme.com']] │
│ Name │ ACME-Infusion │
│ Metadata_type │ application │
│ Bom-ref │ CDXRef-DOCUMENT │
│ Metadata_version │ 1.0 │
│ Metadata_supplier │ APH_Division │
│ Property │ [{'name': 'Revision_1', 'value': 'Initial version'}, {'name': 'Revision_2', 'value': 'Product Review initiated.'}] │
│ Supplier │ Fred Flintstone │
│ Supplier_url │ fredflintstone@acme.com │
└───────────────────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
╭─────────────────╮
│ Product Summary │
╰─────────────────╯
┏━━━━━━━━━┳━━━━━━━━━━━━━━━┓
┃ Item ┃ Details ┃
┡━━━━━━━━━╇━━━━━━━━━━━━━━━┩
│ Name │ ACME-Infusion │
│ Version │ 1.0 │
└─────────┴───────────────┘
╭─────────────────────────╮
│ Vulnerabilities Summary │
╰─────────────────────────╯
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Bom-ref ┃ Product ┃ Release ┃ Id ┃ Source-name ┃ Source-url ┃ Created ┃ Updated ┃ Status ┃ Justification ┃ Bom_link ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ pyyaml@6.0.1 │ pyyaml │ 6.0.1 │ CVE-2023-12345 │ NVD │ https://nvd.nist.gov/vuln/d… │ 2024-07-29T22:34:03Z │ 2024-07-29T22:34:03Z │ not_affected │ code_not_reachable │ urn:cdx:b355491d-a6e7-499e-… │
│ pkg:pypi/defusedxml@0.7.1 │ pkg:pypi/defusedxml │ 0.7.1 │ CVE-2024-1234 │ NVD │ https://nvd.nist.gov/vuln/d… │ 2024-07-29T18:22:43Z │ 2024-07-29T22:34:03Z │ in_triage │ │ urn:cdx:b355491d-a6e7-499e-… │
└───────────────────────────┴─────────────────────┴─────────┴────────────────┴─────────────┴──────────────────────────────┴──────────────────────┴──────────────────────┴──────────────┴────────────────────┴──────────────────────────────┘
```
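
The Status and Justification columns above are the ones a reviewer acts on. The following added example (not part of vex2doc) reads the same CycloneDX fields and lists statements that need follow-up; the review rules and the third sample entry with its placeholder id are assumptions made for illustration, and the first two entries are trimmed from the `acme.json` shown above.

```python
import json

# Constructed sample: the two vulnerability entries from the README's
# acme.json (trimmed), plus a third constructed entry with a placeholder id.
SAMPLE_VEX = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "vulnerabilities": [
    {"bom-ref": "pyyaml@6.0.1", "id": "CVE-2023-12345",
     "analysis": {"state": "not_affected", "justification": "code_not_reachable"},
     "affects": [{"ref": "urn:cdx:b355491d-a6e7-499e-a273-071b2ef3d086/1#pyyaml-6.0.1"}]},
    {"bom-ref": "pkg:pypi/defusedxml@0.7.1", "id": "CVE-2024-1234",
     "analysis": {"state": "in_triage"},
     "affects": [{"ref": "urn:cdx:b355491d-a6e7-499e-a273-071b2ef3d086/1#pkg:pypi/defusedxml@0.7.1"}]},
    {"bom-ref": "example-lib@1.0", "id": "CVE-PLACEHOLDER-0001",
     "analysis": {"state": "not_affected"},
     "affects": []}
  ]
}
""")

def vulnerability_rows(doc):
    """Flatten each vulnerability into the fields a reviewer reads first."""
    rows = []
    for vuln in doc.get("vulnerabilities", []):
        analysis = vuln.get("analysis") or {}
        rows.append({
            "id": vuln.get("id", ""),
            "bom_ref": vuln.get("bom-ref", ""),
            "state": analysis.get("state", ""),
            "justification": analysis.get("justification", ""),
            "refs": [a["ref"] for a in vuln.get("affects", []) if a.get("ref")],
        })
    return rows

def review_findings(rows):
    """Return (id, reason) pairs for statements that need a human look."""
    findings = []
    for row in rows:
        if not row["state"]:
            findings.append((row["id"], "no analysis state"))
        elif row["state"] == "in_triage":
            findings.append((row["id"], "still in triage"))
        elif row["state"] == "not_affected" and not row["justification"]:
            # Assumed review rule: a not_affected claim must say why.
            findings.append((row["id"], "not_affected without justification"))
        if not row["refs"]:
            findings.append((row["id"], "no affected component reference"))
    return findings

if __name__ == "__main__":
    for vuln_id, reason in review_findings(vulnerability_rows(SAMPLE_VEX)):
        print(f"{vuln_id}: {reason}")
```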
## Licence
Licenced under the Apache 2.0 Licence.
## Limitations
The tool has the following limitations:
- Invalid VEX documents will result in unpredictable results.
## Feedback and Contributions
Bugs and feature requests can be made via GitHub Issues.
Raw data
{
"_id": null,
"home_page": "https://github.com/anthonyharrison/vex2doc",
"name": "vex2doc",
"maintainer": "Anthony Harrison",
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": "anthony.p.harrison@gmail.com",
"keywords": "documentation, tools, SBOM, VEX, DevSecOps, SPDX, CycloneDX, CSAF, OpenVEX",
"author": "Anthony Harrison",
"author_email": "anthony.p.harrison@gmail.com",
"download_url": null,
"platform": null,
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "VEX documentation tool",
"version": "0.1.0",
"project_urls": {
"Homepage": "https://github.com/anthonyharrison/vex2doc"
},
"split_keywords": [
"documentation",
" tools",
" sbom",
" vex",
" devsecops",
" spdx",
" cyclonedx",
" csaf",
" openvex"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "48a494f4ef876376591d72a9e598b0d618edc2c80383cbfa8d24d596adb37e6d",
"md5": "8086f64b3b626627b455bd67d9c45ebf",
"sha256": "9485f2c96ad61abdb7c355cc1e6ceb57bc49d2e0037bf930d1900eedcde50a43"
},
"downloads": -1,
"filename": "vex2doc-0.1.0-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "8086f64b3b626627b455bd67d9c45ebf",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": ">=3.9",
"size": 10917,
"upload_time": "2025-01-28T21:52:36",
"upload_time_iso_8601": "2025-01-28T21:52:36.960980Z",
"url": "https://files.pythonhosted.org/packages/48/a4/94f4ef876376591d72a9e598b0d618edc2c80383cbfa8d24d596adb37e6d/vex2doc-0.1.0-py2.py3-none-any.whl",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-01-28 21:52:36",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "anthonyharrison",
"github_project": "vex2doc",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [
{
"name": "lib4vex",
"specs": [
[
">=",
"0.2.0"
]
]
},
{
"name": "sbom2doc",
"specs": [
[
">=",
"0.6.0"
]
]
}
],
"tox": true,
"lcname": "vex2doc"
}