Hi Sandeep,

The SPDX Defects working group announced security enhancements to the ExternalReference section<https://github.com/spdx/spdx-spec/blob/b57e348b19b4ba03474c7293f2c5b86878e23d4c/chapters/external-repository-identifiers.md#f2-security-> of the spec as well as an explanatory Annex about how to include security information in an SPDX document<https://github.com/spdx/spdx-spec/blob/e25d183ade64c123770412297b9bf5086a7ed0bf/chapters/how-to-use.md#g1-including-security-information-in-a-spdx-document>. These changes apply to spec version 2.3 which should be released by the end of the month.

In order to include security/vulnerability information in 2.3, you will want to use the SECURITY ExternalReference Type. When using this format, there are several security identifiers available: cpe22type, cpe23type, advisory, fix, url or swid that you can use to reference a VEX document. You can see examples of how this might be done in the link to Annex G above.

I’m also adding the SPDX Defects workgroup to the CC in case you have any further questions.

Thanks,
Rose

Subject: [EXT] [spdx] VEX integration in SPDX #spdx
Date: Tue, 31 May 2022 22:49:51 -0700
From: Patil, Sandeep via lists.spdx.org <[email protected]>
Reply-To: [email protected]
To: [email protected]

Hi,

Is there any roadmap to integrate VEX with SPDX? Or is there already a way in the current SPDX specification to integrate vulnerability information?

Regards
Sandeep
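
An added example, not part of the original thread or of the SPDX project's code: it reads an SPDX 2.3 JSON document and separates well-formed SECURITY external references from malformed ones. The sample document, its package name and all locators are constructed, and requiring http(s) for advisory, fix and url locators is an assumed local policy.

```python
import json
from urllib.parse import urlparse

# SECURITY reference types named in the SPDX 2.3 spec (spec casing).
SECURITY_TYPES = {"cpe22Type", "cpe23Type", "advisory", "fix", "url", "swid"}
URL_TYPES = {"advisory", "fix", "url"}  # assumed policy: must be http(s) URLs

# Constructed sample: package name, SPDXID and every locator are placeholders.
SAMPLE_SPDX = json.loads("""
{
  "spdxVersion": "SPDX-2.3",
  "packages": [{
    "SPDXID": "SPDXRef-Package-widget",
    "name": "widget",
    "externalRefs": [
      {"referenceCategory": "SECURITY", "referenceType": "cpe23Type",
       "referenceLocator": "cpe:2.3:a:example:widget:1.0.0:*:*:*:*:*:*:*"},
      {"referenceCategory": "SECURITY", "referenceType": "advisory",
       "referenceLocator": "https://example.com/vex/widget-1.0.0.vex.json"},
      {"referenceCategory": "SECURITY", "referenceType": "fix",
       "referenceLocator": "ftp://example.com/patches/widget.diff"},
      {"referenceCategory": "SECURITY", "referenceType": "cve",
       "referenceLocator": "PLACEHOLDER"},
      {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
       "referenceLocator": "pkg:generic/widget@1.0.0"}
    ]
  }]
}
""")

def security_refs(doc):
    """Return (valid, problems) lists of SECURITY external references."""
    valid, problems = [], []
    for pkg in doc.get("packages", []):
        for ref in pkg.get("externalRefs", []):
            if ref.get("referenceCategory") != "SECURITY":
                continue  # other categories are out of scope here
            rtype, loc = ref.get("referenceType"), ref.get("referenceLocator", "")
            entry = (pkg.get("SPDXID"), rtype, loc)
            if rtype not in SECURITY_TYPES:
                problems.append(entry + ("unknown SECURITY type",))
            elif rtype in URL_TYPES and urlparse(loc).scheme not in ("http", "https"):
                problems.append(entry + ("locator is not an http(s) URL",))
            else:
                valid.append(entry)
    return valid, problems

if __name__ == "__main__":
    print(*security_refs(SAMPLE_SPDX), sep="\n")
```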
