With VEX, you can use SBOMs to help secure your code. The good thing about SBOMs (https://thenewstack.io/how-to-create-a-software-bill-of-materials/), pronounced SBOMB, is that they show you a complete inventory of your application’s open source components.

You can do this by representing VEX data inside an existing SBOM, or within a dedicated VEX SBOM. Within VEX records, you’ll find the following elements: VEX metadata, which includes the VEX format identifier, an identifier string for the VEX document, the author, the author role, and a timestamp.

With VEX, you’ll be able to spot the vulnerabilities that affect you while ignoring component vulnerabilities that aren’t exploitable.
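The triage described above, as an added example that is not from the original article: it checks a VEX document for the five metadata fields listed earlier, then uses its statements to decide which scanner findings stay visible. The OpenVEX-style field names, the choice to require all five fields, and every identifier in the sample data are assumptions made for this example.

```python
# Added example, constructed data. Assumes OpenVEX-style JSON field names.
REQUIRED_METADATA = ("@context", "@id", "author", "role", "timestamp")

VEX_DOC = {
    "@context": "https://openvex.dev/ns/v0.2.0",        # VEX format identifier
    "@id": "https://example.com/vex/constructed-0001",  # document identifier
    "author": "Example Product Security",
    "role": "Vendor",                                   # author role
    "timestamp": "2024-01-01T00:00:00Z",
    "statements": [
        {"vulnerability": {"name": "CVE-0000-0001"},
         "products": [{"@id": "pkg:pypi/example-lib@1.0.0"}],
         "status": "not_affected",
         "justification": "vulnerable_code_not_in_execute_path"},
        {"vulnerability": {"name": "CVE-0000-0002"},
         "products": [{"@id": "pkg:pypi/example-lib@1.0.0"}],
         "status": "affected"},
        {"vulnerability": {"name": "CVE-0000-0003"},
         "products": [{"@id": "pkg:pypi/other-lib@2.3.0"}],
         "status": "not_affected"},  # no justification: must not hide a finding
    ],
}

# Constructed scanner findings: (SBOM component, vulnerability id)
FINDINGS = [
    ("pkg:pypi/example-lib@1.0.0", "CVE-0000-0001"),
    ("pkg:pypi/example-lib@1.0.0", "CVE-0000-0002"),
    ("pkg:pypi/other-lib@2.3.0", "CVE-0000-0003"),
    ("pkg:pypi/other-lib@2.3.0", "CVE-0000-0004"),  # no VEX statement at all
]

def missing_metadata(doc):
    """Return the metadata fields that are absent or empty."""
    return [k for k in REQUIRED_METADATA if not doc.get(k)]

def triage(doc, findings):
    """Split findings into (actionable, suppressed) using the VEX statements."""
    if missing_metadata(doc):
        raise ValueError(f"VEX metadata incomplete: {missing_metadata(doc)}")
    index = {(p["@id"], s["vulnerability"]["name"]): s
             for s in doc["statements"] for p in s["products"]}
    actionable, suppressed = [], []
    for finding in findings:
        s = index.get(finding, {})
        justified = s.get("justification") or s.get("impact_statement")
        # Suppress only a justified not_affected; anything else stays visible.
        ok = s.get("status") == "not_affected" and bool(justified)
        (suppressed if ok else actionable).append(finding)
    return actionable, suppressed
```

A finding with no matching statement, or with an unjustified not_affected, is kept in the actionable list so that a gap in the VEX data never hides a vulnerability.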
