npm

vexctl

Create, transform, and attest VEX vulnerability metadata

brewmacoslinux

Try with needOr install directly

Source

About

Tool to create, transform and attest VEX metadata

Commands

vexctl

Examples

Create a VEX document attesting that a component is not affected by a vulnerability$ vexctl create --product purl:pkg/example/app@1.0 --vulnerability CVE-2024-12345 --status not_affected

Merge multiple VEX documents into a single consolidated document$ vexctl merge vex1.json vex2.json vex3.json --output merged-vex.json

Attest and sign a VEX document with a private key$ vexctl attest vex-document.json --key private.pem --output signed-vex.json