vex

Upload a VEX document to DevGuard

Synopsis

Upload a VEX (Vulnerability Exploitability eXchange) document to DevGuard.

A VEX document lets you tell DevGuard that a known CVE in one of your dependencies is not actually exploitable in your specific application — for example because you do not call the vulnerable code path, or because the affected feature is disabled.

Without a VEX document, DevGuard will report all CVEs found in your SBOM as open findings. With a VEX document, suppressed findings are hidden from the dashboard and do not count against your risk score.

VEX documents use the CycloneDX format. Most tools that generate SBOMs can also generate VEX.
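A pre-upload review of a CycloneDX VEX document, as an added example (not DevGuard's own code). It lists every statement that claims a finding is not exploitable and flags those lacking an affected component or a justification. The sample document, the placeholder CVE ids and the policy that `not_affected` must carry a justification are assumptions made for illustration; the state and justification names come from the CycloneDX schema.

```python
import json

# Values the CycloneDX schema defines for analysis.justification.
JUSTIFICATIONS = {
    "code_not_present", "code_not_reachable", "requires_configuration",
    "requires_dependency", "requires_environment", "protected_by_compiler",
    "protected_at_runtime", "protected_at_perimeter",
    "protected_by_mitigating_control",
}

# Constructed sample: CVE ids, bom-ref and detail text are placeholders.
SAMPLE_VEX = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
    "vulnerabilities": [
        {"id": "CVE-0000-0001",
         "analysis": {"state": "not_affected",
                      "justification": "code_not_reachable",
                      "detail": "The vulnerable parser is never called."},
         "affects": [{"ref": "pkg:npm/example-lib@1.2.3"}]},
        {"id": "CVE-0000-0002",
         "analysis": {"state": "not_affected"},
         "affects": []},
        {"id": "CVE-0000-0003",
         "analysis": {"state": "exploitable"},
         "affects": [{"ref": "pkg:npm/example-lib@1.2.3"}]},
    ],
})

def review_vex(text):
    """Return (suppressions, problems) for a CycloneDX VEX document."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    suppressions, problems = [], []
    for vuln in doc.get("vulnerabilities", []):
        vid = vuln.get("id", "<no id>")
        analysis = vuln.get("analysis", {})
        state = analysis.get("state")
        if state not in ("not_affected", "false_positive"):
            continue  # statement does not claim the finding is non-exploitable
        refs = [a.get("ref") for a in vuln.get("affects", []) if a.get("ref")]
        if not refs:
            problems.append(f"{vid}: no affected component referenced")
        if state == "not_affected" and analysis.get("justification") not in JUSTIFICATIONS:
            problems.append(f"{vid}: not_affected without a valid justification")
        suppressions.append((vid, state, refs))
    return suppressions, problems
```

Calling `review_vex(SAMPLE_VEX)` returns two suppression statements and two problems, both for the second entry; every suppression removes a finding from view, so each one is worth a reviewer's sign-off before the file is uploaded.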

Examples

Options

Options inherited from parent commands
