CRAVEX integration
Integrated vulnerability exploitability management
CRAVEX makes it easier for any organization to efficiently comply with the emerging CRA. The solution is based on the AboutCode stack of open source tools, but no solution is an island.
This project integrates CRAVEX with other tools to better orchestrate software supply chain and compliance automation, including: packaging for Linux distributions to maximize the ease of deployment, business systems to create tailored SBOMs and VEX, other FOSS SCA tools to accommodate different software stacks, CI/CD pipelines with scripts and workflows to improve usability, and container cluster analysis to allow users to point to a Kubernetes cluster to collect and scan all the images, and then detect vulnerabilities.
The CRAVEX Integration project orchestrates the different tools critical for practical and efficient software supply chain management and compliance automation processes.
- The project's own website: https://aboutcode.org
Run by AboutCode.org
This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.
