bitvex 0.1.0

Automate CRA compliance: generate OpenVEX reports from Yocto SBOMs by filtering CVEs with kernel config and device tree analysis
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

use std::path::PathBuf;

use clap::Parser;

#[derive(Parser, Debug)]
#[command(name = "bitvex", version, about = "CRA compliance tool: generates OpenVEX reports from Yocto build artifacts")]
pub struct Args {
    /// Path to the SBOM in SPDX JSON format
    #[arg(long, value_name = "PATH")]
    pub sbom: PathBuf,

    /// Path to the Linux kernel .config file
    #[arg(long = "kernel-config", value_name = "PATH")]
    pub kernel_config: PathBuf,

    /// Path to the Device Tree source file (.dts)
    #[arg(long = "device-tree", value_name = "PATH")]
    pub device_tree: PathBuf,

    /// Output path for the OpenVEX JSON report
    #[arg(long, short, value_name = "PATH", default_value = "bitvex-report.vex.json")]
    pub output: PathBuf,

    /// Author identifier for the VEX document
    #[arg(long, default_value = "BitVex <bitvex@automated>")]
    pub author: String,

    /// Enable verbose logging
    #[arg(long, short)]
    pub verbose: bool,
}