"OpenVEX and AWS Security Hub Integration: A Technical Deep-Dive Guide" by Furkan SAYIM
#aws #securityhub #opensource #devsecops #cicd
OpenVEX and AWS Security Hub Integration: A Technical Deep-Dive Guide
Integrating OpenVEX with AWS Security Hub enables smarter vulnerability management by reducing false positives and automating risk prioritization. This guide explores how to streamline security operations and enhance compliance with industry standards. Ready to optimize your security workflow?
community.aws
February 20, 2025 at 11:00 AM
OSIM aims to build a unifying framework incorporating existing SBOM data models, including CSAF, CycloneDX, OpenVEX, and SPDX #OSIM #SupplyChainSecurity #SBOM #OASIS #ApplicationSecurity
tinyurl.com/38kjaf8b
OASIS Open's push for a software supply chain standard: All together now?
tinyurl.com
June 27, 2024 at 9:17 PM
You can't patch every CVE—but you can explain every one.
Anchore 5.22 brings VEX annotations + OpenVEX export to make vulnerability data contextual and credible.
https://anchore.com/blog/anchore-enterprise-5-22/
#OpenVex #PURL #SoftwareSupplyChain #VulnerabilityManagement
October 24, 2025 at 4:39 AM
1 likes
False positives from RHEL EUS? Not anymore.
Anchore 5.22 detects EUS content automatically for accurate vulnerability reports.
Learn what's new → https://anchore.com/blog/anchore-enterprise-5-22/
#OpenVex #PURL #SoftwareSupplyChain #VulnerabilityManagement
October 26, 2025 at 3:33 PM
The latest update for #Rancher includes "Fix What Matters: SUSE Application Collection Adds Real Context to CVEs With OpenVEX" and "Harvester 1.5 Extends #Kubernetes-Native Virtualization to ARM64 and CSI-Compliant Storage".
#devops #cloud https://opsmtrs.com/3gHLLeQ
Rancher
Rancher is a complete software stack for teams adopting containers. It addresses the operational and security challenges of managing multiple Kubernetes clusters, while providing DevOps teams with integrated tools for running containerized workloads.
opsmtrs.com
May 29, 2025 at 5:18 AM
Listening to @puerco.mx talk about OpenVEX and Kubernetes at VulnCon.
He showed off vexflow, a new automation tool for handling VEX statements in OSS projects. Looks very cool!
github.com/carabiner-de...
GitHub - carabiner-dev/vexflow: A tool and framework to manage a vulnerability's assessment lifecycle through VEX.
A tool and framework to manage a vulnerability's assessment lifecycle through VEX. - carabiner-dev/vexflow
github.com
April 7, 2025 at 4:56 PM
2 likes
we also put the OpenVEX transformer to work to suppress non-exploitable vulnerabilities. All signed and verified with sigstore, of course.
This demo also shows the new support in AMPEL to write policies in HJSON, which makes them sooo much more readable. Take a look!!!
October 23, 2025 at 2:57 PM
One Open-source Project Daily A vulnerability scanner for container https://github.com/anchore/grype #1ospd #opensource #docker #golang #security #tool #containers #oci #vulnerability #vex #vulnerabilities #containerimage #cyclonedx #openvex
hatoya.cafe
August 12, 2025 at 3:00 AM
1 reposts
1 likes
🔒 Upgrade your security management with OpenVEX and AWS Security Hub! Fewer false alarms, more automation and standards compliance. Want to streamline? #AWS #Security
OpenVEX and AWS Security Hub Integration: A Technical Deep-Dive Guide
community.aws
February 20, 2025 at 10:37 AM
Check out the latest update from the OpenSSF Vulnerability Disclosures Working Group by Christopher “CRob” Robinson on topics like CVD guides, OSV Schema, OpenVEX, Autofix SIG, OSS-SIRT SIG, & how you can get involved
OpenSSF Vulnerability Disclosures Working Group Helps Guide and Automate Handling Risk - Open Source...
The OpenSSF Vulnerability Disclosures Working Group aims to improve open source security by developing and advocating well-managed vulnerability reporting and communication. We do so by documenting an...
openssf.org
July 27, 2023 at 6:35 PM
Attention vulnerability management nerds!
If you are at #Kubecon in London, come hear how @kubernetes.io Release Engineering and SIG Security are building the K8s VEX feed.
We'll show off slick new tools coming out to manage @openssf.org OpenVEX to help VEXing your CRA woes✌🏽
(17:30 in L1/S10/C)
April 3, 2025 at 2:05 PM
1 reposts
7 likes
One more openssf project - https://openssf.org/projects/openvex/
openssf.org
August 4, 2025 at 9:58 AM
"Ariadne Conill, co-founder of Edera, added that the CVE system is central to global security infrastructure, and called for modernization through linked data frameworks like JSON-LD and OpenVEX to reduce reliance on a single point of failure."
MITRE Contract Expiration Threatens Global Vulnerability Coordination
A critical U.S. government contract that underpins MITRE's stewardship of the CVE program is set to expire today, putting security at risk.
cyberinsider.com
April 16, 2025 at 3:06 PM
1 reposts
5 likes
One Open-source Project Daily A vulnerability scanner for container https://github.com/anchore/grype #1ospd #opensource #docker #golang #security #tool #containers #oci #vulnerability #vex #vulnerabilities #containerimage #cyclonedx #openvex
hatoya.cafe
August 12, 2025 at 3:00 AM
1 reposts
2 likes
Research shows 97% of component vulnerabilities aren't exploitable in final products.
Your customers don't know this. They just see the scanner results.
Anchore 5.22 adds OpenVEX support. Stop explaining. Start exporting.
https://anchore.com/blog/anchore-enterprise-5-22/
October 30, 2025 at 1:10 AM
The public sector faces unique #SupplyChainSecurity challenges—but open source can help!
In this blog, Daniel Moch (Lockheed Martin) explores how transparency, SLSA, & OpenVEX strengthen security for critical infrastructure.
Read more: openssf.org/blog/2025/02...
February 6, 2025 at 5:21 PM
1 quotes
4 likes