Discover how to revolutionize vulnerability management in this 33-minute conference talk from the Cloud Native Computing Foundation (CNCF). Learn about VEX (Vulnerability Exploitability eXchange) and its role in solving vulnerability management challenges. Explore the benefits of producing VEX for container image deliverables in open-source projects, including reduced false positives in security scans and improved focus on real security issues. Gain insights into automating VEX generation for Kubernetes workloads using Kubescape, a CNCF project designed to identify misconfigurations and vulnerabilities. Examine a new GitHub Action that streamlines VEX file generation in release processes, enhancing vulnerability management for both project maintainers and users.
How to Generate VEX Automatically for Your Project
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
How to Generate VEX Automatically for Your Project - Shlomo Heigh, CyberArk & Ben Hirschberg, ARMO
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Generating VEX Documents with Kubescape
-
Enabling VEX and Full SBOM Coverage with Wolfi Based Containers
-
Your Software IS - NOT Vulnerable - CSAF, VEX, and the Future of Advisories
-
SBOMs, VEX, and Kubernetes - Software Supply Chain Security in Cloud Native Environments
-
Scan, Patch, VEX - Using Open Source Tools to Manage Vulnerabilities in Containers
-
Understanding Exploitability with VEX, EPSS, and Other Standard Frameworks
