Skip to main content

bitvex/
lib.rs

1//! # BitVex
2//!
3//! Automated CRA (Cyber Resilience Act) compliance tool for embedded Linux.
4//!
5//! BitVex generates spec-compliant OpenVEX reports from Yocto build artifacts
6//! by filtering CVEs against actual hardware configuration.
7//!
8//! ## Features
9//!
10//! - **Hardware-aware CVE filtering** — kernel config, device tree, U-Boot filters
11//! - **EPSS integration** — exploit prediction scoring from FIRST.org
12//! - **Rules engine** — custom filtering via `bitvex.toml`
13//! - **Offline mode** — scan without internet using local databases
14//! - **Multi-format output** — OpenVEX JSON-LD and SARIF 2.1.0
15//! - **Watch mode** — continuous monitoring with file change detection
16//!
17//! ## Quick Start
18//!
19//! The primary way to use BitVex is as a CLI tool:
20//!
21//! ```bash
22//! # One-time scan
23//! bitvex --sbom path/to/spdx.json --kernel-config path/to/.config \
24//!        --device-tree path/to/board.dts --output report.vex.json
25//!
26//! # Continuous monitoring
27//! bitvex watch --config bitvex-watch.toml
28//! ```
29//!
30//! For programmatic use, the library exposes the core parsing and filtering
31//! functions:
32//!
33//! ```rust,no_run
34//! use bitvex::sbom::parse_spdx_sbom;
35//! use bitvex::filters::kernel_config::parse_kernel_config;
36//!
37//! // Parse SBOM
38//! let sbom_data = std::fs::read("path/to/spdx.json").unwrap();
39//! let packages = parse_spdx_sbom(&sbom_data).unwrap();
40//! println!("Found {} packages", packages.len());
41//!
42//! // Parse kernel config
43//! let config = parse_kernel_config(std::path::Path::new("path/to/.config")).unwrap();
44//! println!("Loaded {} config entries", config.len());
45//! ```
46
47pub mod cli;
48pub mod epss;
49pub mod filters;
50pub mod osv;
51pub mod output;
52pub mod pipeline;
53pub mod rules;
54pub mod sbom;
55pub mod vex;
56pub mod watch;