Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why vex affects has versions #309

Closed
tomekkolo opened this issue Sep 15, 2023 · 0 comments
Closed

Why vex affects has versions #309

tomekkolo opened this issue Sep 15, 2023 · 0 comments

Comments

@tomekkolo
Copy link

tomekkolo commented Sep 15, 2023
edited
Loading

See CycloneDX/bom-examples#41.

Why vex specifies affects.version or range if affects.ref is unique bom-ref? Is it intended as a comment or what is the purpose ? Vulnerability is anyway always matched by bom-ref, so as in linked example it is confusing what to do.
@CycloneDX CycloneDX locked and limited conversation to collaborators Sep 16, 2023
@stevespringett stevespringett converted this issue into discussion #310 Sep 16, 2023

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tomekkolo