Support PURL in OpenVEX #4765
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
scan/vulnerability
Issues relating to vulnerability scanning
Description
Currently, Trivy supports filtering detected vulnerabilities using the Vulnerability Exploitability Exchange (VEX), with support for the OpenVEX format. This feature is in its experimental phase and has only minimal functionality added [1].
While using Package URLs (PURLs) for comparison was initially avoided due to ambiguities in the comparison methodology, there is an ongoing discussion in the OpenVEX community that presents potential solutions to these issues [2].
Given this ongoing conversation and the potential clarity it can bring to PURL comparison, I propose that we explore the experimental implementation of PURL comparison within Trivy's OpenVEX support.
This issue is intended to start a conversation around this idea, and to explore potential paths for implementation. All thoughts, comments, and suggestions are welcome as we explore this possibility.
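As an added illustration of the PURL comparison this issue proposes (example code written for this page, not Trivy's or OpenVEX's own implementation), below is a minimal Go PURL parser plus one assumed matching rule: a VEX product PURL without a version covers every version of that package, and every qualifier the VEX PURL sets must appear on the scanned component with the same value, while extra component qualifiers (such as `arch`) are tolerated. The sample PURLs are constructed, and the matching semantics are an assumption for illustration, not the OpenVEX community's settled answer.

```go
package main
import (
	"fmt"
	"net/url"
	"strings"
)

// PURL holds the parts of pkg:type/namespace/name@version?qualifiers#subpath.
type PURL struct {
	Type, Namespace, Name, Version string
	Qualifiers                     map[string]string
}
// ParsePURL is a simplified parser written for this illustration (not Trivy's or the
// package-url project's code): it percent-decodes parts, lowercases the type and drops the subpath.
func ParsePURL(s string) (PURL, error) {
	p := PURL{Qualifiers: map[string]string{}}
	rest, _, _ := strings.Cut(strings.TrimPrefix(s, "pkg:"), "#")
	rest, q, _ := strings.Cut(rest, "?")
	for _, kv := range strings.Split(q, "&") {
		if k, v, ok := strings.Cut(kv, "="); ok {
			p.Qualifiers[strings.ToLower(k)], _ = url.PathUnescape(v)
		}
	}
	if i := strings.LastIndex(rest, "@"); i >= 0 {
		p.Version, _ = url.PathUnescape(rest[i+1:])
		rest = rest[:i]
	}
	parts := strings.Split(strings.Trim(rest, "/"), "/")
	if !strings.HasPrefix(s, "pkg:") || len(parts) < 2 {
		return PURL{}, fmt.Errorf("malformed purl (need pkg:type/.../name): %q", s)
	}
	p.Type = strings.ToLower(parts[0])
	p.Name, _ = url.PathUnescape(parts[len(parts)-1])
	p.Namespace, _ = url.PathUnescape(strings.Join(parts[1:len(parts)-1], "/"))
	return p, nil
}
// Matches applies one assumed rule set: type, namespace and name must be equal; a version given
// in the VEX PURL must equal the component's; every VEX qualifier must appear with the same value.
func Matches(vex, comp PURL) bool {
	if vex.Type != comp.Type || vex.Namespace != comp.Namespace || vex.Name != comp.Name ||
		(vex.Version != "" && vex.Version != comp.Version) {
		return false
	}
	for k, v := range vex.Qualifiers {
		if cv, ok := comp.Qualifiers[k]; !ok || cv != v {
			return false
		}
	}
	return true
}
```

Note that a real implementation also has to handle type-specific name normalisation (case-insensitive names for some ecosystems, for example), which is part of the ambiguity the issue refers to and is deliberately left out here.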