vex2doc


Namevex2doc JSON
Version 0.1.0 PyPI version JSON
download
home_pagehttps://github.com/anthonyharrison/vex2doc
SummaryVEX documentation tool
upload_time2025-01-28 21:52:36
maintainerAnthony Harrison
docs_urlNone
authorAnthony Harrison
requires_python>=3.9
licenseApache-2.0
keywords documentation tools sbom vex devsecops spdx cyclonedx csaf openvex
VCS
bugtrack_url
requirements lib4vex sbom2doc
Travis-CI No Travis.
coveralls test coverage No coveralls.
            # VEX2DOC

VEX2DOC documents and summarises the components within a VEX (Vulnerability Expolitability eXchange) document). VEXs are supported in a number of formats including
CSAF    and [CycloneDX](https://www.cyclonedx.org), OpenVEX and [SPDX](https://www.spdx.org)

## Installation

To install use the following command:

`pip install vex2doc`

Alternatively, just clone the repo and install dependencies using the following command:

`pip install -U -r requirements.txt`

The tool requires Python 3 (3.8+). It is recommended to use a virtual python environment especially
if you are using different versions of python. `virtualenv` is a tool for setting up virtual python environments which
allows you to have all the dependencies for the tool set up in a single environment, or have different environments set
up for testing using different versions of Python.

## Usage

```
usage: vex2doc [-h] [-i INPUT_FILE] [--debug] [-f {console,excel,html,json,markdown,pdf}] [-o OUTPUT_FILE] [-V]

VEX2doc generates documentation for a VEX artefact.

options:
  -h, --help            show this help message and exit
  -V, --version         show program's version number and exit

Input:
  -i INPUT_FILE, --input-file INPUT_FILE
                        Name of VEX file

Output:
  --debug               add debug information
  -f {console,excel,html,json,markdown,pdf}, --format {console,excel,html,json,markdown,pdf}
                        Output format (default: output to console)
  -o OUTPUT_FILE, --output-file OUTPUT_FILE
                        output filename (default: output to stdout)

```
					
## Operation

The `--input-file` option is used to specify the VEX to be processed. The type of file VEX is automatically determined by checking for content in the following order:

- CSAF
- CycloneDX
- OpenVEX
- SPDX

The `--output-file` option is used to control the destination of the output generated by the tool. The
default is to report to the console, but it can also be stored in a file (specified using `--output-file` option).

Selecting the `html` format option will create a HTML body document which uses the [Bootstrap](https://getbootstrap.com/) framework.

The `--include-license` option is used to indicate if the text for the licenses is to be included in the output.

## Example

Given the following VEX (acme.json) in CycloneDX format

```bash
{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:9f41c36d-ce5c-4a94-b25c-229d66d55bf5",
  "version": 2,
  "metadata": {
    "timestamp": "2024-07-29T22:34:03Z",
    "tools": {
      "components": [
        {
          "name": "lib4vex",
          "version": "0.2.0",
          "type": "application"
        }
      ]
    },
    "authors": [
      {
        "name": "Fred Flintstone",
        "email": "fredflintstone@acme.com"
      }
    ],
    "properties": [
      {
        "name": "Revision_1",
        "value": "Initial version"
      },
      {
        "name": "Revision_2",
        "value": "Product Review initiated."
      }
    ],
    "component": {
      "type": "application",
      "supplier": {
        "name": "APH_Division"
      },
      "version": "1.0",
      "bom-ref": "CDXRef-DOCUMENT",
      "name": "ACME-Infusion"
    }
  },
  "vulnerabilities": [
    {
      "bom-ref": "pyyaml@6.0.1",
      "id": "CVE-2023-12345",
      "source": {
        "name": "NVD",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-12345"
      },
      "published": "2024-07-29T22:34:03Z",
      "updated": "2024-07-29T22:34:03Z",
      "analysis": {
        "state": "not_affected",
        "justification": "code_not_reachable"
      },
      "affects": [
        {
          "ref": "urn:cdx:b355491d-a6e7-499e-a273-071b2ef3d086/1#pyyaml-6.0.1",
          "versions": {
            "version": "6.0.1",
            "status": "unaffected"
          }
        }
      ]
    },
    {
      "bom-ref": "pkg:pypi/defusedxml@0.7.1",
      "id": "CVE-2024-1234",
      "source": {
        "name": "NVD",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1234"
      },
      "published": "2024-07-29T18:22:43Z",
      "updated": "2024-07-29T22:34:03Z",
      "analysis": {
        "state": "in_triage"
      },
      "affects": [
        {
          "ref": "urn:cdx:b355491d-a6e7-499e-a273-071b2ef3d086/1#pkg:pypi/defusedxml@0.7.1"
        }
      ]
    }
  ]
}
```

The following command will generate a summary of the contents of the VEX to the console.

```bash
vex2doc --input-file acme.json 

╭─────────────╮
│ VEX Summary │
╰─────────────╯
┏━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Item              ┃ Details                                                                                                            ┃
┡━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ VEX File          │ acme.json                                                                                                          │
│ VEX Type          │ cyclonedx                                                                                                          │
│ Version           │ 1.6                                                                                                                │
│ Type              │ cyclonedx                                                                                                          │
│ Uuid              │ urn:uuid:9f41c36d-ce5c-4a94-b25c-229d66d55bf5                                                                      │
│ Bom_version       │ 2                                                                                                                  │
│ Created           │ 2024-07-29T22:34:03Z                                                                                               │
│ Creator           │ [['tool', 'lib4vex#0.2.0'], ['person', 'Fred Flintstone#fredflintstone@acme.com']]                                 │
│ Name              │ ACME-Infusion                                                                                                      │
│ Metadata_type     │ application                                                                                                        │
│ Bom-ref           │ CDXRef-DOCUMENT                                                                                                    │
│ Metadata_version  │ 1.0                                                                                                                │
│ Metadata_supplier │ APH_Division                                                                                                       │
│ Property          │ [{'name': 'Revision_1', 'value': 'Initial version'}, {'name': 'Revision_2', 'value': 'Product Review initiated.'}] │
│ Supplier          │ Fred Flintstone                                                                                                    │
│ Supplier_url      │ fredflintstone@acme.com                                                                                            │
└───────────────────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
╭─────────────────╮
│ Product Summary │
╰─────────────────╯
┏━━━━━━━━━┳━━━━━━━━━━━━━━━┓
┃ Item    ┃ Details       ┃
┡━━━━━━━━━╇━━━━━━━━━━━━━━━┩
│ Name    │ ACME-Infusion │
│ Version │ 1.0           │
└─────────┴───────────────┘
╭─────────────────────────╮
│ Vulnerabilities Summary │
╰─────────────────────────╯
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Bom-ref                   ┃ Product             ┃ Release ┃ Id             ┃ Source-name ┃ Source-url                   ┃ Created              ┃ Updated              ┃ Status       ┃ Justification      ┃ Bom_link                     ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ pyyaml@6.0.1              │ pyyaml              │ 6.0.1   │ CVE-2023-12345 │ NVD         │ https://nvd.nist.gov/vuln/d… │ 2024-07-29T22:34:03Z │ 2024-07-29T22:34:03Z │ not_affected │ code_not_reachable │ urn:cdx:b355491d-a6e7-499e-… │
│ pkg:pypi/defusedxml@0.7.1 │ pkg:pypi/defusedxml │ 0.7.1   │ CVE-2024-1234  │ NVD         │ https://nvd.nist.gov/vuln/d… │ 2024-07-29T18:22:43Z │ 2024-07-29T22:34:03Z │ in_triage    │                    │ urn:cdx:b355491d-a6e7-499e-… │
└───────────────────────────┴─────────────────────┴─────────┴────────────────┴─────────────┴──────────────────────────────┴──────────────────────┴──────────────────────┴──────────────┴────────────────────┴──────────────────────────────┘

```

## Licence

Licenced under the Apache 2.0 Licence.

## Limitations

The tool has the following limitations

- Invalid VEX documents will result in unpredictable results.

## Feedback and Contributions

Bugs and feature requests can be made via GitHub Issues.

            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/anthonyharrison/vex2doc",
    "name": "vex2doc",
    "maintainer": "Anthony Harrison",
    "docs_url": null,
    "requires_python": ">=3.9",
    "maintainer_email": "anthony.p.harrison@gmail.com",
    "keywords": "documentation, tools, SBOM, VEX, DevSecOps, SPDX, CycloneDX, CSAF, OpenVEX",
    "author": "Anthony Harrison",
    "author_email": "anthony.p.harrison@gmail.com",
    "download_url": null,
    "platform": null,
    "description": "# VEX2DOC\n\nVEX2DOC documents and summarises the components within a VEX (Vulnerability Expolitability eXchange) document). VEXs are supported in a number of formats including\nCSAF    and [CycloneDX](https://www.cyclonedx.org), OpenVEX and [SPDX](https://www.spdx.org)\n\n## Installation\n\nTo install use the following command:\n\n`pip install vex2doc`\n\nAlternatively, just clone the repo and install dependencies using the following command:\n\n`pip install -U -r requirements.txt`\n\nThe tool requires Python 3 (3.8+). It is recommended to use a virtual python environment especially\nif you are using different versions of python. `virtualenv` is a tool for setting up virtual python environments which\nallows you to have all the dependencies for the tool set up in a single environment, or have different environments set\nup for testing using different versions of Python.\n\n## Usage\n\n```\nusage: vex2doc [-h] [-i INPUT_FILE] [--debug] [-f {console,excel,html,json,markdown,pdf}] [-o OUTPUT_FILE] [-V]\n\nVEX2doc generates documentation for a VEX artefact.\n\noptions:\n  -h, --help            show this help message and exit\n  -V, --version         show program's version number and exit\n\nInput:\n  -i INPUT_FILE, --input-file INPUT_FILE\n                        Name of VEX file\n\nOutput:\n  --debug               add debug information\n  -f {console,excel,html,json,markdown,pdf}, --format {console,excel,html,json,markdown,pdf}\n                        Output format (default: output to console)\n  -o OUTPUT_FILE, --output-file OUTPUT_FILE\n                        output filename (default: output to stdout)\n\n```\n\t\t\t\t\t\n## Operation\n\nThe `--input-file` option is used to specify the VEX to be processed. The type of file VEX is automatically determined by checking for content in the following order:\n\n- CSAF\n- CycloneDX\n- OpenVEX\n- SPDX\n\nThe `--output-file` option is used to control the destination of the output generated by the tool. The\ndefault is to report to the console, but it can also be stored in a file (specified using `--output-file` option).\n\nSelecting the `html` format option will create a HTML body document which uses the [Bootstrap](https://getbootstrap.com/) framework.\n\nThe `--include-license` option is used to indicate if the text for the licenses is to be included in the output.\n\n## Example\n\nGiven the following VEX (acme.json) in CycloneDX format\n\n```bash\n{\n  \"$schema\": \"http://cyclonedx.org/schema/bom-1.6.schema.json\",\n  \"bomFormat\": \"CycloneDX\",\n  \"specVersion\": \"1.6\",\n  \"serialNumber\": \"urn:uuid:9f41c36d-ce5c-4a94-b25c-229d66d55bf5\",\n  \"version\": 2,\n  \"metadata\": {\n    \"timestamp\": \"2024-07-29T22:34:03Z\",\n    \"tools\": {\n      \"components\": [\n        {\n          \"name\": \"lib4vex\",\n          \"version\": \"0.2.0\",\n          \"type\": \"application\"\n        }\n      ]\n    },\n    \"authors\": [\n      {\n        \"name\": \"Fred Flintstone\",\n        \"email\": \"fredflintstone@acme.com\"\n      }\n    ],\n    \"properties\": [\n      {\n        \"name\": \"Revision_1\",\n        \"value\": \"Initial version\"\n      },\n      {\n        \"name\": \"Revision_2\",\n        \"value\": \"Product Review initiated.\"\n      }\n    ],\n    \"component\": {\n      \"type\": \"application\",\n      \"supplier\": {\n        \"name\": \"APH_Division\"\n      },\n      \"version\": \"1.0\",\n      \"bom-ref\": \"CDXRef-DOCUMENT\",\n      \"name\": \"ACME-Infusion\"\n    }\n  },\n  \"vulnerabilities\": [\n    {\n      \"bom-ref\": \"pyyaml@6.0.1\",\n      \"id\": \"CVE-2023-12345\",\n      \"source\": {\n        \"name\": \"NVD\",\n        \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2023-12345\"\n      },\n      \"published\": \"2024-07-29T22:34:03Z\",\n      \"updated\": \"2024-07-29T22:34:03Z\",\n      \"analysis\": {\n        \"state\": \"not_affected\",\n        \"justification\": \"code_not_reachable\"\n      },\n      \"affects\": [\n        {\n          \"ref\": \"urn:cdx:b355491d-a6e7-499e-a273-071b2ef3d086/1#pyyaml-6.0.1\",\n          \"versions\": {\n            \"version\": \"6.0.1\",\n            \"status\": \"unaffected\"\n          }\n        }\n      ]\n    },\n    {\n      \"bom-ref\": \"pkg:pypi/defusedxml@0.7.1\",\n      \"id\": \"CVE-2024-1234\",\n      \"source\": {\n        \"name\": \"NVD\",\n        \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2024-1234\"\n      },\n      \"published\": \"2024-07-29T18:22:43Z\",\n      \"updated\": \"2024-07-29T22:34:03Z\",\n      \"analysis\": {\n        \"state\": \"in_triage\"\n      },\n      \"affects\": [\n        {\n          \"ref\": \"urn:cdx:b355491d-a6e7-499e-a273-071b2ef3d086/1#pkg:pypi/defusedxml@0.7.1\"\n        }\n      ]\n    }\n  ]\n}\n```\n\nThe following command will generate a summary of the contents of the VEX to the console.\n\n```bash\nvex2doc --input-file acme.json \n\n\u256d\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256e\n\u2502 VEX Summary \u2502\n\u2570\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256f\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 Item              \u2503 Details                                                                                                            \u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 VEX File          \u2502 acme.json                                                                                                          \u2502\n\u2502 VEX Type          \u2502 cyclonedx                                                                                                          \u2502\n\u2502 Version           \u2502 1.6                                                                                                                \u2502\n\u2502 Type              \u2502 cyclonedx                                                                                                          \u2502\n\u2502 Uuid              \u2502 urn:uuid:9f41c36d-ce5c-4a94-b25c-229d66d55bf5                                                                      \u2502\n\u2502 Bom_version       \u2502 2                                                                                                                  \u2502\n\u2502 Created           \u2502 2024-07-29T22:34:03Z                                                                                               \u2502\n\u2502 Creator           \u2502 [['tool', 'lib4vex#0.2.0'], ['person', 'Fred Flintstone#fredflintstone@acme.com']]                                 \u2502\n\u2502 Name              \u2502 ACME-Infusion                                                                                                      \u2502\n\u2502 Metadata_type     \u2502 application                                                                                                        \u2502\n\u2502 Bom-ref           \u2502 CDXRef-DOCUMENT                                                                                                    \u2502\n\u2502 Metadata_version  \u2502 1.0                                                                                                                \u2502\n\u2502 Metadata_supplier \u2502 APH_Division                                                                                                       \u2502\n\u2502 Property          \u2502 [{'name': 'Revision_1', 'value': 'Initial version'}, {'name': 'Revision_2', 'value': 'Product Review initiated.'}] \u2502\n\u2502 Supplier          \u2502 Fred Flintstone                                                                                                    \u2502\n\u2502 Supplier_url      \u2502 fredflintstone@acme.com                                                                                            \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\u256d\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256e\n\u2502 Product Summary \u2502\n\u2570\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256f\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 Item    \u2503 Details       \u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 Name    \u2502 ACME-Infusion \u2502\n\u2502 Version \u2502 1.0           \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\u256d\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256e\n\u2502 Vulnerabilities Summary \u2502\n\u2570\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256f\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 Bom-ref                   \u2503 Product             \u2503 Release \u2503 Id             \u2503 Source-name \u2503 Source-url                   \u2503 Created              \u2503 Updated              \u2503 Status       \u2503 Justification      \u2503 Bom_link                     \u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 pyyaml@6.0.1              \u2502 pyyaml              \u2502 6.0.1   \u2502 CVE-2023-12345 \u2502 NVD         \u2502 https://nvd.nist.gov/vuln/d\u2026 \u2502 2024-07-29T22:34:03Z \u2502 2024-07-29T22:34:03Z \u2502 not_affected \u2502 code_not_reachable \u2502 urn:cdx:b355491d-a6e7-499e-\u2026 \u2502\n\u2502 pkg:pypi/defusedxml@0.7.1 \u2502 pkg:pypi/defusedxml \u2502 0.7.1   \u2502 CVE-2024-1234  \u2502 NVD         \u2502 https://nvd.nist.gov/vuln/d\u2026 \u2502 2024-07-29T18:22:43Z \u2502 2024-07-29T22:34:03Z \u2502 in_triage    \u2502                    \u2502 urn:cdx:b355491d-a6e7-499e-\u2026 \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\n```\n\n## Licence\n\nLicenced under the Apache 2.0 Licence.\n\n## Limitations\n\nThe tool has the following limitations\n\n- Invalid VEX documents will result in unpredictable results.\n\n## Feedback and Contributions\n\nBugs and feature requests can be made via GitHub Issues.\n",
    "bugtrack_url": null,
    "license": "Apache-2.0",
    "summary": "VEX documentation tool",
    "version": "0.1.0",
    "project_urls": {
        "Homepage": "https://github.com/anthonyharrison/vex2doc"
    },
    "split_keywords": [
        "documentation",
        " tools",
        " sbom",
        " vex",
        " devsecops",
        " spdx",
        " cyclonedx",
        " csaf",
        " openvex"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "48a494f4ef876376591d72a9e598b0d618edc2c80383cbfa8d24d596adb37e6d",
                "md5": "8086f64b3b626627b455bd67d9c45ebf",
                "sha256": "9485f2c96ad61abdb7c355cc1e6ceb57bc49d2e0037bf930d1900eedcde50a43"
            },
            "downloads": -1,
            "filename": "vex2doc-0.1.0-py2.py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "8086f64b3b626627b455bd67d9c45ebf",
            "packagetype": "bdist_wheel",
            "python_version": "py2.py3",
            "requires_python": ">=3.9",
            "size": 10917,
            "upload_time": "2025-01-28T21:52:36",
            "upload_time_iso_8601": "2025-01-28T21:52:36.960980Z",
            "url": "https://files.pythonhosted.org/packages/48/a4/94f4ef876376591d72a9e598b0d618edc2c80383cbfa8d24d596adb37e6d/vex2doc-0.1.0-py2.py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2025-01-28 21:52:36",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "anthonyharrison",
    "github_project": "vex2doc",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": false,
    "requirements": [
        {
            "name": "lib4vex",
            "specs": [
                [
                    ">=",
                    "0.2.0"
                ]
            ]
        },
        {
            "name": "sbom2doc",
            "specs": [
                [
                    ">=",
                    "0.6.0"
                ]
            ]
        }
    ],
    "tox": true,
    "lcname": "vex2doc"
}
        
Elapsed time: 0.89172s