Davide Fucci

icon indicating a website link dfucci.co

icon company SERT icon location Sweden icon location Researcher in software engineering (software craftsmanship, requirements engineering, and more) at Blekinge Institute of Technology

Results 14 comments of Davide Fucci

docs(security): add VEX file with vulnerabilities information to SBOM

> Looks two of them are already resolved since your script ran, but two of them point to places we could maybe recommend higher minimums, so thank you for that!...

docs(security): add VEX file with vulnerabilities information to SBOM

@terriko, thank you so much for the effort you put into this PR and the words of encouragement 🙏

Add VEX file with vulnerabilities information to SBOM

Thank you for your answer and for following up on this. Feel free to use the [script](https://gist.github.com/dfucci/055db60081cf188791ea593a149e1073) to generate the VEX. Notice that it depends on `osv-scanner`, so if you...

add VEX file with vulnerabilities information to SBOM

Thanks for your feedback, @sseide. You’re right that VEX and SBOM should stay aligned. A VEX can easily be added to the deployment pipeline—see our [script](https://gist.github.com/dfucci/055db60081cf188791ea593a149e1073) for reference. On the...