| WOLFICTL-VEX-SBOM(1) | WOLFICTL-VEX-SBOM(1) |
NAME¶
wolfictl-vex-sbom - Generate a VEX document from wolfi packages listed in an SBOM
SYNOPSIS¶
wolfictl vex sbom [flags] sbom.spdx.json
DESCRIPTION¶
wolfictl vex sbom: Generate a VEX document from wolfi packages listed in an SBOM
The vex sbom subcommand generates VEX documents describing how known vulnerabilities affect the Wolfi packages listed in an SBOM. It reads SPDX SBOMs and recognizes as Wolfi OS components every package whose package URL (purl) uses the Wolfi apk namespace. For example, if an SBOM contains a package with the following purl:
pkg:apk/wolfi/curl@7.87.0-r0
wolfictl will locate the melange configuration file from which that package was built and create a VEX document from the impact assessments recorded in the advisories of that configuration. Only packages matched by purl are assessed; packages from other ecosystems in the same SBOM are ignored.
wolfictl reads the melange config files from a local wolfi-dev/os clone given with --repo or, if none is specified, clones the repository for you.
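The two steps above, recognizing Wolfi packages by purl in an SPDX JSON SBOM and turning their advisories into VEX statements, as an added illustration written for this page. It is not wolfictl's own code. It assumes the SPDX 2.x JSON layout (purls live in packages[].externalRefs with referenceType "purl"), assumes the output is OpenVEX, and uses an inline, constructed advisory map in place of the melange configs' advisories; the SBOM, the document @id and the CVE-0000-0001 identifier are placeholders constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Subset of the SPDX 2.x JSON schema needed to find package URLs (purls).
type spdxDoc struct {
	Packages []struct {
		Name         string `json:"name"`
		ExternalRefs []struct {
			ReferenceType    string `json:"referenceType"`
			ReferenceLocator string `json:"referenceLocator"`
		} `json:"externalRefs"`
	} `json:"packages"`
}

// WolfiPackage is one SBOM entry recognised as a Wolfi OS component by its purl.
type WolfiPackage struct{ Purl, Name, Version string }

const wolfiPurlPrefix = "pkg:apk/wolfi/"

// wolfiPackages parses an SPDX JSON SBOM and keeps only packages whose purl
// starts with pkg:apk/wolfi/, splitting the remainder into name and version.
func wolfiPackages(sbom []byte) ([]WolfiPackage, error) {
	var doc spdxDoc
	if err := json.Unmarshal(sbom, &doc); err != nil {
		return nil, fmt.Errorf("parsing SPDX JSON: %w", err)
	}
	var out []WolfiPackage
	for _, p := range doc.Packages {
		for _, ref := range p.ExternalRefs {
			if ref.ReferenceType != "purl" || !strings.HasPrefix(ref.ReferenceLocator, wolfiPurlPrefix) {
				continue // not a purl, or not a Wolfi apk: ignored, as wolfictl does
			}
			rest := strings.TrimPrefix(ref.ReferenceLocator, wolfiPurlPrefix)
			if i := strings.IndexAny(rest, "?#"); i >= 0 { // drop purl qualifiers / subpath
				rest = rest[:i]
			}
			name, version, _ := strings.Cut(rest, "@")
			out = append(out, WolfiPackage{Purl: ref.ReferenceLocator, Name: name, Version: version})
		}
	}
	return out, nil
}

// Advisory is one impact assessment for a package. In wolfictl these come from
// the package's melange config; here they are constructed inline (assumption).
type Advisory struct{ Vulnerability, Status, Justification string }

// OpenVEX document shape (assumed output format; see https://openvex.dev).
type vexVuln struct{ Name string `json:"name"` }
type vexProduct struct{ ID string `json:"@id"` }
type vexStatement struct {
	Vulnerability vexVuln      `json:"vulnerability"`
	Products      []vexProduct `json:"products"`
	Status        string       `json:"status"`
	Justification string       `json:"justification,omitempty"`
}
type vexDoc struct {
	Context    string         `json:"@context"`
	ID         string         `json:"@id"`
	Author     string         `json:"author"`
	Role       string         `json:"role,omitempty"`
	Timestamp  time.Time      `json:"timestamp"`
	Version    int            `json:"version"`
	Statements []vexStatement `json:"statements"`
}

// buildVEX emits one statement per advisory, scoped to the exact purl seen in the SBOM,
// so a consumer matches the statement only against that package@version.
func buildVEX(author, role string, pkgs []WolfiPackage, advisories map[string][]Advisory) vexDoc {
	doc := vexDoc{Context: "https://openvex.dev/ns/v0.2.0", ID: "https://example.invalid/vex/sbom-1", // placeholder @id
		Author: author, Role: role, Timestamp: time.Now().UTC(), Version: 1, Statements: []vexStatement{}}
	for _, p := range pkgs {
		for _, a := range advisories[p.Name] {
			doc.Statements = append(doc.Statements, vexStatement{
				Vulnerability: vexVuln{Name: a.Vulnerability},
				Products:      []vexProduct{{ID: p.Purl}},
				Status:        a.Status, Justification: a.Justification,
			})
		}
	}
	return doc
}

// Constructed sample SBOM: a Wolfi package, a Wolfi purl with qualifiers, and a non-Wolfi purl.
const sampleSBOM = `{"spdxVersion":"SPDX-2.3","packages":[
 {"name":"curl","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/wolfi/curl@7.87.0-r0"}]},
 {"name":"ca-certificates-bundle","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/wolfi/ca-certificates-bundle@20230311-r0?arch=x86_64"}]},
 {"name":"cobra","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:golang/github.com/spf13/cobra@v1.7.0"}]}]}`

// Constructed advisory data; CVE-0000-0001 is a placeholder, not a real CVE.
var sampleAdvisories = map[string][]Advisory{
	"curl": {{Vulnerability: "CVE-0000-0001", Status: "not_affected", Justification: "vulnerable_code_not_present"}},
}

func main() {
	pkgs, err := wolfiPackages([]byte(sampleSBOM))
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(buildVEX("joe@doe.com", "", pkgs, sampleAdvisories), "", "  ")
	fmt.Println(string(out))
}
```

Run it and the output lists exactly one statement, for curl@7.87.0-r0: the Go module purl is skipped because it is not a Wolfi apk, and ca-certificates-bundle is recognised but has no advisories, so it produces no statement. Keeping the product @id identical to the SBOM purl is what lets a scanner correlate the VEX statement back to the SBOM entry.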
OPTIONS¶
--author=""
author of the VEX document
-h, --help[=false]
help for sbom
--repo=""
path to a local clone of the wolfi-dev/os repo
--role=""
role of the author of the VEX document
OPTIONS INHERITED FROM PARENT COMMANDS¶
--log-level="WARN"
log level (e.g. debug, info, warn, error)
EXAMPLE¶
wolfictl vex sbom --author=joe@doe.com sbom.spdx.json
SEE ALSO¶
| Auto generated by spf13/cobra |