github.com/grokify/govex
Category: repository, package
Version: 0.9.7
Repository: https://github.com/grokify/govex.git
Documentation: pkg.go.dev

# README

GoVEX

Overview

govex is a vulnerability reporting solution and library for creating and sharing vulnerability reports in a variety of formats, including XLSX, CSV, Markdown, and a git repository. It uses its own VEX vulnerability format that other data sources can be converted to. The generated reports can be used internally (e.g. git repo) or distributed externally (e.g. XLSX). Being written in Go, it can also be easily integrated into CI/CD pipelines and workflows.

Features

  1. Generic Vulnerability Structs: There is no widely adopted general format for vulnerability information across the many databases and scanning tools. To facilitate interoperability across different data sources, GoVEX provides its own definition of govex structs for vulnerabilities. The format is prioritized for the use cases supported by this package, currently writing tabular and text reports.
  2. Vulnerability Reports: Reports in XLSX, CSV, or Markdown are supported by converting a Vulnerabilities slice to a GoCharts Table via Vulnerabilities.Table() with customizable columns.
  3. Vulnerability Reports Website: Creation of a Markdown website for managing reports across multiple git-based projects with history is available using SiteWriter. This is currently intended to be used with a git UI, but may have future support for a Docs-as-Code documentation generator such as MkDocs.
  4. CI/CD Integration: The Cmd wrappers provide convenient commands that can be integrated into a CI/CD pipeline with proper OS exit codes.

Integrations

  1. Grype via github.com/grokify/gogrype

Code Visualization

  1. GitHub Next Visualization (Article)

Contributing

  1. By contributing to this repository, you agree that your contributions will be licensed under the MIT License.
  2. Commit style follows the Conventional Commits conventions, available here: https://www.conventionalcommits.org/