OpenVEX

Welcome to OpenVEX!

OpenVEX is an implementation of the Vulnerability Exploitability Exchange (VEX for short) that is designed to be minimal, compliant, interoperable, and embeddable.

OpenVEX is...

A Specification

OpenVEX documents are minimal JSON-LD files that capture the minimal requirements for VEX as defined by the VEX working group organized by CISA. The OpenVEX Specification is owned and steered by the community.

A Go Library

The project has a Go library (openvex/go-vex) that lets projects generate, transform and consume OpenVEX files. It enables the ingestion of VEX metadata expressed in other VEX implementations.

A Set of Tools

Work is underway to create the tools software authors and consumers need to handle VEX metadata. The current flagship project is vexctl, a CLI to create, merge and attest VEX documents.

The project has a growing ecosystem with known implementations in: