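# Fetch the sample application and enter its working tree. BrokenCrystals is a
# deliberately vulnerable benchmark app, and `npm install` executes dependency
# lifecycle scripts, so run these steps in a disposable, isolated environment.
git clone https://github.com/NeuraLegion/brokencrystals.git
cd brokencrystals

# Resolve the dependency tree, then export it as a CycloneDX SBOM.
npm install
npm sbom --sbom-format cyclonedx > sbom.json

# Install vexctl. `@latest` is not reproducible; pin a reviewed release tag
# when this runs in CI. The binary lands in $GOBIN (or $GOPATH/bin), which
# must be on PATH for the next command to resolve.
go install github.com/openvex/vexctl@latest

# Record a VEX statement for the libxmljs finding and save it as vex.json,
# the file the later merge step reads; tee also prints it for inspection.
# A not_affected statement tells downstream scanners to suppress the finding,
# so it is only as trustworthy as the analysis behind it: confirm against the
# advisory that the affected code really is absent from this version before
# publishing. Passing --author makes the statement attributable instead of
# being recorded as "Unknown Author".
vexctl create --product="pkg:npm/libxmljs@1.0.11" \
  --vuln="CVE-2024-34392" \
  --status="not_affected" \
  --justification="vulnerable_code_not_present" \
  | tee vex.json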
{
"@context": "https://openvex.dev/ns/v0.2.0",
"@id": "https://openvex.dev/docs/public/vex-fc7aa4d2618d658c2dbbaf3e09cb11dee3786efad6a9de4c8c13b6672a6e25f2",
"author": "Unknown Author",
"timestamp": "2025-02-11T09:53:27.082143077-05:00",
"version": 1,
"statements": [
{
"vulnerability": {
"name": "CVE-2024-34392"
},
"timestamp": "2025-02-11T09:53:27.08214467-05:00",
"products": [
{
"@id": "pkg:npm/libxmljs@1.0.11"
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present"
}
]
}
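# Install the CycloneDX editor/validator, which provides the cdx-ev command.
# The install is unpinned; pin a reviewed version (and ideally use a virtual
# environment) when this runs in a build pipeline.
python -m pip install cyclonedx-editor-validator

# Merge the VEX statement into the SBOM and write the result to
# enhanced-sbom.json. The option prefix must be two ASCII hyphens: a
# typographic dash pasted from a web page is passed through as a literal
# argument and is not recognised as an option.
# NOTE(review): vex.json here is an OpenVEX document; confirm with
# `cdx-ev merge-vex --help` that the installed release accepts that format
# and that the output option is spelled as below.
cdx-ev merge-vex --output-file enhanced-sbom.json sbom.json vex.json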