You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I had a look at your lib4vex library and had a go with the parser. For OpenVEX I found some differences between their specification and what can be parsed by your library. Are these differences intended?
A statement can not be parsed without a timestamp. According to the specification the timestamp is not mandatory but can cascade down from the document.
The @id of a product must not necessarily be a PURL. You could specify the PURL in the `identifiers
Due to the specification a statement can have a list of products, but your lib4vex supports only one product.
Products in OpenVEX can have subcomponents. These can be useful to express which library in the product is actually affected by the vulnerability. Do you plan to support this in the future?
The text was updated successfully, but these errors were encountered:
From Stefan Fleckenstein
I had a look at your lib4vex library and had a go with the parser. For OpenVEX I found some differences between their specification and what can be parsed by your library. Are these differences intended?
The text was updated successfully, but these errors were encountered: