Expand description
OpenVEX 0.2.0 document generation from a Socket Patch manifest.
Self-contained so it can be lifted into its own crate later. The module is organized as:
schema— hand-rolled OpenVEX 0.2.0 serde structs.build— manifest + applied-set →schema::Document.product— auto-detect the top-level product PURL from the filesystem (package.json / pyproject.toml / Cargo.toml).verify— partition manifest entries by on-disk hash check.time— minimal RFC 3339 timestamp formatter (no chrono).
Cross-references against the Go reference implementation
(https://github.com/openvex/go-vex) live next to the affected
struct in schema.
Re-exports§
pub use build::build_document;pub use build::BuildOptions;pub use product::detect_product;pub use product::DetectResult;pub use schema::Document;pub use schema::Justification;pub use schema::Product;pub use schema::Statement;pub use schema::Status;pub use schema::Subcomponent;pub use schema::Vulnerability;pub use schema::OPENVEX_CONTEXT_V0_2_0;pub use verify::applied_patches;pub use verify::FailedPatch;pub use verify::VerifyOutcome;