Skip to content

v0.2.5

Latest
Latest
Compare
Choose a tag to compare
@puerco puerco released this 21 Aug 20:16
· 78 commits to main since this release
v0.2.5
b05ec1f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Release Notes

This release implements version v0.2.0 of the OpenVEX spec in the go-vex module. This is the first revision to the specification which incorporates the changes discussed and approved by the community in the OPEV-0014 and OPEV-0015 enhancement proposals.

THIS RELEASE INTRODUCES A BREAKING CHANGE

The vex.VEX struct is not compatible with previous versions. Note that the release version has been kept in the v0.2.x range to keep the go-vex module version number close to the spec revision. Future releases will be on par with the spec versions and in line with good semver practices.

Release Notes:

  • The OpenVEX Document format (vex.VEX) now conforms to the v0.2.0 spec.
  • vex.Open() now has a compatibility mode that lets it seamlessly import
    documents in previous OpenVEX versions.
  • All OpenVEX structs (document, statements, vulnerabilities, etc) now have
    functions to match software identifiers and vulnerability IDs.
  • The document merging functions from vexctl have been ported to the vex
    package. Applications importing the go-vex module can now merge documents
    without needing to import the vexctl CLI as a module.
Assets 3