ContextLocator returns the locator string for the current OpenVEX version.

DateFromEnv returns a time object representing the time specified in the `SOURCE_DATE_EPOCH` environment variable, whose value can be specified as either UNIX seconds or as a RFC3339 value.

Justifications returns a list of the valid Justification values.

Load reads the VEX document file at the given path and returns a decoded VEX object.

MergeDocuments is a convenience wrapper over MergeDocumentsWithOptions that does not take options.

Merge combines the statements from a number of documents into a new one, preserving time context from each of them.

MergeFiles is a convenience wrapper around MergeFilesWithOptions that does not take options but performs the merge using the default options.

MergeFilesWithOptions opens a list of vex documents and after parsing them merges them into a single file using the specified merge options.

New returns a new, initialized VEX document.

Open tries to autodetect the vex format and open it.

OpenCSAF opens a CSAF document and builds a VEX object from it.

OpenJSON opens an OpenVEX file in JSON format.

OpenYAML opens a VEX file in YAML format.

Parse parses an OpenVEX document in the latest version from the data byte array.

PurlMatches returns true if purl1 matches the more specific purl2.

SortDocuments sorts and returns a slice of documents based on their date.

SortStatements does an "in-place" sort of the given slice of VEX statements.

Statuses returns a list of the valid Status values.

StatusFromCSAF returns a vex status from the CSAF status.

The following list of algorithms follows and expands the IANA list at: https://www.iana.org/assignments/named-information/named-information.xhtml It expands it, trying to keep the naming pattern.

The following list of algorithms follows and expands the IANA list at: https://www.iana.org/assignments/named-information/named-information.xhtml It expands it, trying to keep the naming pattern.

The following list of algorithms follows and expands the IANA list at: https://www.iana.org/assignments/named-information/named-information.xhtml It expands it, trying to keep the naming pattern.

The following list of algorithms follows and expands the IANA list at: https://www.iana.org/assignments/named-information/named-information.xhtml It expands it, trying to keep the naming pattern.

ComponentNotPresent means the vulnerable component is not included in the artifact.

Context is the URL of the json-ld context definition.

DefaultAuthor is the default value for a document's Author field.

DefaultRole is the default value for a document's AuthorRole field.

InlineMitigationsAlreadyExist means [product_id] includes built-in protections or features that prevent exploitation of the vulnerability.

The following list of algorithms follows and expands the IANA list at: https://www.iana.org/assignments/named-information/named-information.xhtml It expands it, trying to keep the naming pattern.

NoActionStatementMsg is the action statement that informs that there is no action statement :/.

PublicNamespace is the public openvex namespace for common @ids.

The following list of algorithms follows and expands the IANA list at: https://www.iana.org/assignments/named-information/named-information.xhtml It expands it, trying to keep the naming pattern.

The following list of algorithms follows and expands the IANA list at: https://www.iana.org/assignments/named-information/named-information.xhtml It expands it, trying to keep the naming pattern.

The following list of algorithms follows and expands the IANA list at: https://www.iana.org/assignments/named-information/named-information.xhtml It expands it, trying to keep the naming pattern.

The following list of algorithms follows and expands the IANA list at: https://www.iana.org/assignments/named-information/named-information.xhtml It expands it, trying to keep the naming pattern.

The following list of algorithms follows and expands the IANA list at: https://www.iana.org/assignments/named-information/named-information.xhtml It expands it, trying to keep the naming pattern.

The following list of algorithms follows and expands the IANA list at: https://www.iana.org/assignments/named-information/named-information.xhtml It expands it, trying to keep the naming pattern.

The following list of algorithms follows and expands the IANA list at: https://www.iana.org/assignments/named-information/named-information.xhtml It expands it, trying to keep the naming pattern.

The following list of algorithms follows and expands the IANA list at: https://www.iana.org/assignments/named-information/named-information.xhtml It expands it, trying to keep the naming pattern.

SpecVersion is the latest released version of the openvex.

StatusAffected means actions are recommended to remediate or mitigate.

StatusFixed means the listed products or components have been remediated (by including fixes).

StatusNotAffected means no remediation or mitigation is required.

StatusUnderInvestigation means the author of the VEX statement is investigating.

TypeURI is the type used to describe VEX documents, e.g.

VulnerableCodeCannotBeControlledByAdversary means the vulnerable code cannot be controlled by an attacker to exploit the vulnerability.

VulnerableCodeNotInExecutePath means the vulnerable code (likely in [subcomponent_id]) can not be executed as it is used by [product_id].

VulnerableCodeNotPresent means the vulnerable component is included in artifact, but the vulnerable code is not present.

DefaultNamespace is the URL that will be used to generate new IRIs for generated documents and nodes.

Component abstracts the common construct shared by product and subcomponents allowing OpenVEX statements to point to a piece of software by referencing it by hash or identifier.

The Metadata type represents the metadata associated with a VEX document.

Product abstracts the VEX product into a struct that can identify software through various means.

A Statement is a declaration conveying a single [status] for a single [vul_id] for one or more [product_id]s.

Subcomponents are nested entries that list the product's components that are related to the statement's vulnerability.

The VEX type represents a VEX document and all of its contained information.

Vulnerability is a struct that captures the vulnerability identifier and its aliases.

Justification describes why a given component is not affected by a vulnerability.

Status describes the exploitability status of a component with respect to a vulnerability.

VulnerabilityID is a string that captures a vulnerability identifier.