The Advantage of Using VEX SBOMs

Ben Strozykowski, 18 Feb 2025
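# Fetch the sample application and generate a CycloneDX SBOM for its npm
# dependency tree.
# NOTE(review): BrokenCrystals is published as a deliberately vulnerable
# benchmark app, and `npm install` runs dependency lifecycle scripts, so do
# this in a disposable or isolated environment.
# The steps are chained with && so that a failed clone or cd cannot leave
# `npm install` / `npm sbom` running against whatever directory the shell
# happens to be in, which would produce an SBOM for the wrong project.
git clone https://github.com/NeuraLegion/brokencrystals.git &&
  cd brokencrystals &&
  npm install &&
  npm sbom --sbom-format cyclonedx > sbom.json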
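# Install the OpenVEX CLI. `go install` places the binary in Go's bin
# directory, which must be on PATH for the next command to resolve.
# NOTE(review): @latest resolves to whatever is newest at install time; for
# repeatable pipelines pin a release tag you have reviewed.
go install github.com/openvex/vexctl@latest

# Create a VEX statement for one package/CVE pair. vexctl prints the document
# to stdout, so tee keeps it visible and also saves it as vex.json, the file
# the later merge step reads.
# NOTE(review): "not_affected" / "vulnerable_code_not_present" is a security
# claim that consumers of the merged SBOM may use to suppress this CVE. Make it
# only after verifying it, and record an accountable author instead of the
# default "Unknown Author" (vexctl create accepts an --author option; confirm
# with `vexctl create --help`).
vexctl create --product="pkg:npm/libxmljs@1.0.11" \
              --vuln="CVE-2024-34392" \
              --status="not_affected" \
              --justification="vulnerable_code_not_present" \
  | tee vex.json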
{
  "@context": "https://openvex.dev/ns/v0.2.0",
  "@id": "https://openvex.dev/docs/public/vex-fc7aa4d2618d658c2dbbaf3e09cb11dee3786efad6a9de4c8c13b6672a6e25f2",
  "author": "Unknown Author",
  "timestamp": "2025-02-11T09:53:27.082143077-05:00",
  "version": 1,
  "statements": [
    {
    "vulnerability": {
        "name": "CVE-2024-34392"
    },
    "timestamp": "2025-02-11T09:53:27.08214467-05:00",
    "products": [
        {
        "@id": "pkg:npm/libxmljs@1.0.11"
        }
    ],
    "status": "not_affected",
    "justification": "vulnerable_code_not_present"
    }
  ]
}
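# Install the CycloneDX editor/validator CLI (provides `cdx-ev`). Installing
# into a virtual environment keeps it separate from system Python packages.
python -m pip install cyclonedx-editor-validator

# Merge the VEX statements into the SBOM. The option must start with two ASCII
# hyphens; a typographic dash in its place is not parsed as an option.
# NOTE(review): confirm the option spelling for your installed version with
# `cdx-ev merge-vex --help`.
# The resulting enhanced-sbom.json carries the not_affected assertion, so treat
# vex.json as a reviewed, access-controlled input rather than a scratch file.
cdx-ev merge-vex --output-file enhanced-sbom.json sbom.json vex.json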
