Initialize the VEX feed

Co-Authored-By: Sandipan Panda <87253083+sandipanpanda@users.noreply.github.com> Co-Authored-By: prnvkv <30334952+prnvkv@users.noreply.github.com>
2023-12-15 23:44:37 +05:30 · 2023-12-15 23:44:37 +05:30 · 5ff727ce6b
parent 454e78604f
commit 5ff727ce6b
2 changed files with 35 additions and 0 deletions
--- a/.openvex/templates/README.md
+++ b/.openvex/templates/README.md
@ -0,0 +1,27 @@
+# OpenVEX Templates Directory
+
+This directory contains the OpenVEX data for this repository.
+The files stored in this directory are used as templates by
+`vexctl generate` when generating VEX data for a release or 
+a specific artifact.
+
+To add new statements to publish data about a vulnerability,
+download [vexctl](https://github.com/openvex/vexctl)
+and append new statements using `vexctl add`. For example:
+```
+vexctl add --in-place main.openvex.json pkg:oci/test CVE-2014-1234567 fixed
+```
+That will add a new VEX statement expressing that the impact of
+CVE-2014-1234567 is under investigation in the test image. When
+cutting a new release, for `pkg:oci/test` the new file will be
+incorporated to the relase's VEX data.
+
+## Read more about OpenVEX
+
+To know more about generating, publishing and using VEX data
+in your project, please check out the vexctl repository and
+documentation: https://github.com/openvex/vexctl
+
+OpenVEX also has an examples repository with samples and docs:
+https://github.com/openvex/examples
+
--- a/.openvex/templates/main.openvex.json
+++ b/.openvex/templates/main.openvex.json
@ -0,0 +1,8 @@
+{
+  "@context": "https://openvex.dev/ns/v0.2.0",
+  "@id": "https://openvex.dev/docs/public/vex-081fa16bd7164a81aa33b8897afd8efb325c037636e2709ed5fdd145eacedcf5",
+  "author": "vexctl (automated template)",
+  "timestamp": "2023-12-15T23:43:21.490011+05:30",
+  "version": 1,
+  "statements": []
+}