kubernetes-sigs · ricardoapl · May 21, 2024
diff --git a/.openvex/templates/README.md b/.openvex/templates/README.md
@@ -0,0 +1,27 @@
+# OpenVEX Templates Directory
+
+This directory contains the OpenVEX data for this repository.
+The files stored in this directory are used as templates by
+`vexctl generate` when generating VEX data for a release or 
+a specific artifact.
+
+To add new statements to publish data about a vulnerability,
+download [vexctl](https://github.com/openvex/vexctl)
+and append new statements using `vexctl add`. For example:
+```
+vexctl add --in-place main.openvex.json pkg:oci/test CVE-2014-1234567 fixed
+```
+That will add a new VEX statement expressing that the impact of
+CVE-2014-1234567 is under investigation in the test image. When
+cutting a new release, for `pkg:oci/test` the new file will be
+incorporated to the relase's VEX data.
+
+## Read more about OpenVEX
+
+To know more about generating, publishing and using VEX data
+in your project, please check out the vexctl repository and
+documentation: https://github.com/openvex/vexctl
+
+OpenVEX also has an examples repository with samples and docs:
+https://github.com/openvex/examples
+
diff --git a/.openvex/templates/main.openvex.json b/.openvex/templates/main.openvex.json
@@ -0,0 +1,8 @@
+{
+ "@context": "https://openvex.dev/ns/v0.2.0",
+ "@id": "https://openvex.dev/docs/public/vex-ac6818e9628eb70212cce0c7c636dcc04e554c843b12fd9c35be87496ccf5981",
+ "author": "vexctl (automated template)",
+ "timestamp": "2024-05-21T20:39:00.38997+01:00",
+ "version": 1,
+ "statements": []
+}