SBOM/VEX info update #572

Draft
sboldyreva wants to merge 3 commits into cloudlinux:master from sboldyreva:claude/fervent-ritchie-yuTez

@sboldyreva

Collaborator

No description provided.

claude added 2 commits May 28, 2026 15:39
Move VEX detail out of the SBOM bullet into a dedicated section, and
reflect the actual two-state model (exploitable / resolved) TuxCare
publishes — replacing the standard CycloneDX four-state list that was
copy-pasted on these pages but doesn't match what is in our feeds.

- securechain, els-for-libraries: rewrite VEX section with feed
  lifecycle, status values, recommendation to filter to the latest
  -tuxcare.N iteration, and the per-language feed URLs
- els-for-applications, els-for-runtimes: replace the VEX text in the
  Enhanced Metadata bullet with a short VEX-specific bullet pointing
  to the public feed

ELSDOC-167, ELSDOC-288

https://claude.ai/code/session_01JrcTq4ouwM9DoNyZFssyb2
…ullets

Move SBOM/VEX detail off the product overview pages into dedicated
Machine-Readable Security Data pages, and reword the Transparency &
Visibility bullets so they describe the bundle without baking in
specifics that drift out of date.

- New pages under Resources for SecureChain, ELS for Libraries, and
  ELS for Open-Source Applications, each with format/state/feed
  detail and the per-ecosystem links that previously lived only on
  individual product pages.
- Libraries page gathers per-ecosystem VEX/SBOM feeds for Java,
  Python, JavaScript, PHP, and .NET. Applications page covers the
  Java apps (Tomcat, Hadoop, Hive, Gradle, Maven); other application
  ecosystems flagged as expanding. SecureChain points at the general
  VEX feed; SBOM listed as coming soon.
- Sidebar updated to list the new pages under Resources for all
  three sections.
- Runtimes Transparency bullet points to the existing CSAF-based
  machine-readable-security-data page rather than the CycloneDX VEX
  index, since runtimes publish VEX through CSAF.

ELSDOC-167, ELSDOC-288

https://claude.ai/code/session_01JrcTq4ouwM9DoNyZFssyb2
@sboldyreva sboldyreva changed the title Claude/fervent ritchie yu tez SBOM/VEX info update Jun 3, 2026

2 participants