
Commit

docs: add a note about relationships
Signed-off-by: knqyf263 <[email protected]>
knqyf263 committed Jun 6, 2024
1 parent 1fac633 commit 7ab49ef
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions docs/docs/supply-chain/vex.md
Expand Up @@ -510,6 +510,11 @@ Now, suppose a VEX statement is issued for `Module B` as follows:
```

It declares that `Module B` is not affected by CVE-XXXX-YYYY on `Module C`.

!!! note
The VEX in this example defines the relationship between Module B and Module C.
However, as Trivy traverses all parents from vulnerable packages, it is also possible to define a VEX for the relationship between a vulnerable package and any parent, such as `Module A` and `Module C`, etc.

Mapping this VEX onto the dependency tree would look like this:

```mermaid
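Review bot: the two body lines under `!!! note` appear flush-left in this hunk; an admonition body has to be indented four spaces, otherwise the text renders as an ordinary paragraph outside the note box, so please confirm the indentation in `docs/docs/supply-chain/vex.md`. In the same note, Module B and Module C in the first sentence lack the backticks used in the second sentence and in the surrounding context lines, and "such as ..., etc." is redundant; suggest ending the sentence at "such as `Module A` and `Module C`."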
