vexipy


| Field | Value |
|---|---|
| Name | vexipy |
| Version | 0.2.0 |
| home_page | None |
| Summary | Python OpenVEX Library |
| upload_time | 2025-07-26 08:30:36 |
| maintainer | None |
| docs_url | None |
| author | None |
| requires_python | >=3.9 |
| license | None |
| keywords | openvex, security, vex, vulnerability |
| requirements | No requirements were recorded. |

# vexipy

[![Validate](https://github.com/colin-pm/vexipy/actions/workflows/validate.yaml/badge.svg)](https://github.com/colin-pm/vexipy/actions/workflows/validate.yaml)
![Codecov](https://img.shields.io/codecov/c/github/colin-pm/vexipy)
[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/colin-pm/vexipy/badge)](https://scorecard.dev/viewer/?uri=github.com/colin-pm/vexipy)
[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/10913/badge)](https://www.bestpractices.dev/projects/10913)
[![CodeQL](https://github.com/colin-pm/vexipy/actions/workflows/github-code-scanning/codeql/badge.svg)](https://github.com/colin-pm/vexipy/actions/workflows/github-code-scanning/codeql)


![py-vex logo](files/logo.png)

A Python implementation of the [OpenVEX specification][].

This library aims to provide a simple-to-use API for creating, validating, and modifying OpenVEX data.

## Installing

```bash
python3 -m pip install vexipy
```

## Example Usage

```python
from vexipy import Component, Document, Statement, Vulnerability

vulnerability = Vulnerability(
    id="https://nvd.nist.gov/vuln/detail/CVE-2019-17571",
    name="CVE-2019-17571",
    description="The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.",
    aliases=[
        "GHSA-2qrg-x229-3v8q",
        "openSUSE-SU-2020:0051-1",
        "SNYK-RHEL7-LOG4J-1472071",
        "DSA-4686-1",
        "USN-4495",
        "DLA-2065-1",
    ],
)
print(vulnerability.to_json())

document = Document.from_json(
    """
    {
        "@context": "https://openvex.dev/ns/v0.2.0",
        "@id": "https://openvex.dev/docs/example/vex-9fb3463de1b57",
        "author": "Wolfi J Inkinson",
        "role": "Document Creator",
        "timestamp": "2023-01-08T18:02:03.647787998-06:00",
        "version": "1",
        "statements": [
            {
            "vulnerability": {
                "name": "CVE-2014-123456"
            },
            "products": [
                {"@id": "pkg:apk/distro/git@2.39.0-r1?arch=armv7"},
                {"@id": "pkg:apk/distro/git@2.39.0-r1?arch=x86_64"}
            ],
            "status": "fixed"
            }
        ]
    }
    """
)

statement = Statement(
    vulnerability=Vulnerability(name="CVE-2014-123456"),
    status="fixed",
)

component = Component(
    identifiers={"purl": "pkg:deb/debian/curl@7.50.3-1?arch=i386&distro=jessie"},
    hashes={"md5": "a2eec1a40a5315b1e2ff273aa747504b"},
)

statement = statement.update(products=[component])

document = document.append_statements(statement)
```
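
What "validating" OpenVEX data means at the specification level, as an added standard-library example (it is not vexipy's code and does not use its API): a `not_affected` statement must carry a justification or an impact statement, and an `affected` statement must carry an action statement, so a consumer should not let a bare `not_affected` suppress a scanner finding. The function name `check_statements` and the sample document are constructed for illustration.

```python
import json

# Status and justification labels defined by the OpenVEX specification.
STATUSES = {"not_affected", "affected", "fixed", "under_investigation"}
JUSTIFICATIONS = {
    "component_not_present",
    "vulnerable_code_not_present",
    "vulnerable_code_not_in_execute_path",
    "vulnerable_code_cannot_be_controlled_by_adversary",
    "inline_mitigations_already_exist",
}


def check_statements(raw):
    """Return a list of spec violations found in a document's statements."""
    problems = []
    for i, st in enumerate(json.loads(raw).get("statements", [])):
        where = f"statements[{i}]"
        status = st.get("status")
        justification = st.get("justification")
        if status not in STATUSES:
            problems.append(f"{where}: unknown status {status!r}")
            continue
        if justification is not None and justification not in JUSTIFICATIONS:
            problems.append(f"{where}: unknown justification {justification!r}")
        # not_affected must explain why: justification or impact_statement.
        if status == "not_affected" and not (justification or st.get("impact_statement")):
            problems.append(f"{where}: not_affected needs justification or impact_statement")
        # affected must tell the consumer what to do about it.
        if status == "affected" and not st.get("action_statement"):
            problems.append(f"{where}: affected needs action_statement")
    return problems


# Constructed sample: statements 1, 3 and 4 each break one rule.
VULN = {"name": "CVE-2014-123456"}
SAMPLE = json.dumps({
    "@context": "https://openvex.dev/ns/v0.2.0",
    "statements": [
        {"vulnerability": VULN, "status": "fixed"},
        {"vulnerability": VULN, "status": "not_affected"},
        {"vulnerability": VULN, "status": "not_affected",
         "justification": "vulnerable_code_not_present"},
        {"vulnerability": VULN, "status": "affected"},
        {"vulnerability": VULN, "status": "resolved"},
    ],
})

if __name__ == "__main__":
    print("\n".join(check_statements(SAMPLE)))
```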

## Contributing

We welcome contributions to this project! To contribute, please follow these guidelines:

## How to Contribute

1. **Fork the repository** - Create a fork of this repository to your GitHub account
2. **Create a feature branch** - Make your changes in a new branch off of `main`
3. **Make your changes** - Implement your feature or bug fix
4. **Submit a Pull Request** - Open a PR from your fork's branch to our `main` branch

## Requirements

### Code Quality Standards

- **Tests must pass** - All existing tests must continue to pass
- **Test coverage** - New code is expected to include appropriate test coverage
- **PEP standards** - Code must follow Python Enhancement Proposal (PEP) standards
- **Linting and formatting** - Code must pass all linting and formatting checks

### Development Tools

Before submitting a PR, please run the following tools locally:

```bash
# Format code
ruff format .

# Check for linting issues
ruff check .

# Sort imports
isort .

# Type checking
mypy .
```

These tools are enforced by CI and your PR will not be merged if any checks fail.

### Signed-off-by Line

All commits must include a `Signed-off-by` line. This certifies that you have the right to submit the code under the project's license and that you agree to the [Developer Certificate of Origin (DCO)](https://developercertificate.org/).

To add a signed-off-by line to your commit, use the `-s` flag:

```bash
git commit -s -m "Your commit message"
```

This will automatically add a line like:
```
Signed-off-by: Your Name <your.email@example.com>
```

### Pull Request Process

- Ensure your PR has a clear title and description
- Reference any related issues in your PR description
- Make sure all commits in your PR include the signed-off-by line
- Verify that all tests pass and code meets quality standards
- Run all development tools locally before submitting
- Be prepared to address feedback and make changes if requested

## Questions?

If you have questions about contributing, please open an issue or reach out to the maintainers.

[OpenVEX specification]: https://github.com/openvex/spec/blob/main/OPENVEX-SPEC.md

            

Raw data

{
    "_id": null,
    "home_page": null,
    "name": "vexipy",
    "maintainer": null,
    "docs_url": null,
    "requires_python": ">=3.9",
    "maintainer_email": null,
    "keywords": "openvex, security, vex, vulnerability",
    "author": null,
    "author_email": "Colin Pinnell McAllister <colinmca242@gmail.com>",
    "download_url": "https://files.pythonhosted.org/packages/52/ce/3871ba368c25d0e42551e39999bf3627a755971e4a866cef89e4300fc3d8/vexipy-0.2.0.tar.gz",
    "platform": null,
    "bugtrack_url": null,
    "license": null,
    "summary": "Python OpenVEX Library",
    "version": "0.2.0",
    "project_urls": null,
    "split_keywords": [
        "openvex",
        " security",
        " vex",
        " vulnerability"
    ],
    "urls": [
        {
            "comment_text": null,
            "digests": {
                "blake2b_256": "a200babe93540301adfcfcbe917030401be15d462fb2838021d8827519ec8042",
                "md5": "2e802e6a07b716354ad4ff4425e39b3a",
                "sha256": "b2017568ca073fd86ae2a2b8dba6dde8eca93d2d58d8b7ba5d758e961f645c05"
            },
            "downloads": -1,
            "filename": "vexipy-0.2.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "2e802e6a07b716354ad4ff4425e39b3a",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.9",
            "size": 13068,
            "upload_time": "2025-07-26T08:30:35",
            "upload_time_iso_8601": "2025-07-26T08:30:35.278654Z",
            "url": "https://files.pythonhosted.org/packages/a2/00/babe93540301adfcfcbe917030401be15d462fb2838021d8827519ec8042/vexipy-0.2.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": null,
            "digests": {
                "blake2b_256": "52ce3871ba368c25d0e42551e39999bf3627a755971e4a866cef89e4300fc3d8",
                "md5": "06bdf655ab67c802f7ff2a27edfbf842",
                "sha256": "bdb9fb91db4450539cf2e4584ba2a547d90ab696ee9bebc282f8d9047d0cbdc9"
            },
            "downloads": -1,
            "filename": "vexipy-0.2.0.tar.gz",
            "has_sig": false,
            "md5_digest": "06bdf655ab67c802f7ff2a27edfbf842",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.9",
            "size": 463256,
            "upload_time": "2025-07-26T08:30:36",
            "upload_time_iso_8601": "2025-07-26T08:30:36.844695Z",
            "url": "https://files.pythonhosted.org/packages/52/ce/3871ba368c25d0e42551e39999bf3627a755971e4a866cef89e4300fc3d8/vexipy-0.2.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2025-07-26 08:30:36",
    "github": false,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "lcname": "vexipy"
}
        