A vulnerability scanner for container images and filesystems

Library to ingest and generate VEX documents

Python CVE reachability, SCA triage, SBOM enrichment, and supply-chain security evidence for GitHub Actions and CI.

SBOM diff with supply-chain risk signals — flags new CVEs, typosquats, and young maintainers on changed deps. Built after axios (Mar 2026), Shai-Hulud, and xz.

Java library for generating, consuming, and operating on OpenVEX documents

.NET types for OpenVEX documents

Threat-informed CLI for prioritizing known CVEs with NVD, EPSS, KEV, ATT&CK, VEX, and asset context

VEX document crawler and aggregator

A GitHub Action that merges VEX statement files together into a single merged file for use with other tooling

VEX statements for SUSE Observability product images. Consumable by Trivy via --vex repo.