https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/tags/vex/Recent content in VEX onHugo -- gohugo.ioen-USTue, 31 Jan 2023 15:21:01 +0200https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sbom/getting-started-openvex-vexctl/Mon, 30 Jan 2023 15:21:01 +0200https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sbom/getting-started-openvex-vexctl/The vexctl CLI is a tool to make VEX work. As part of the open source OpenVex project, vexctl enables you to create, apply, and attest VEX (Vulnerability Exploitability eXchange) data in order to filter out false positive security alerts. The vexctl tool was built to help with the creation and management of VEX documents, communicate transparently to users as time progresses, and enable the “turning off” of security scanner alerts of vulnerabilities known not to affect a given product.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sbom/what-is-openvex/Tue, 31 Jan 2023 15:21:01 +0200https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sbom/what-is-openvex/OpenVEX is an open source specification, library, and suite of tools designed to enable software users to eliminate vulnerability noise and focus their security efforts on vulnerabilities that pose an immediate risk. Released by Chainguard in January 2023, it’s the first set of open source tools to support the VEX specification championed by the United States National Telecommunications and Information Administration (NTIA) and the Cybersecurity and Infrastructure Security Agency (CISA).