What would you like to be added:
Include vulnerable ranges in CycloneDX ouptut format per each vulnerability.
Why is this needed:
This helps customers to identify vulnerabilities with available fix, differentiate vulnerabilities with and without fixes, and automate remediation steps.
I specifically would like to notify my system administrators about available security updates. Currently it isn't possible to determine from Grype's CycloneDX output if a vulnerability has a patch available.
Additional context:
The information about available fixes is already present in the json format, so it shouldn't be too hard to add. The version ranges must follow the Package URL Version Range syntax (vers).
What would you like to be added:
Include vulnerable ranges in CycloneDX ouptut format per each vulnerability.
Why is this needed:
This helps customers to identify vulnerabilities with available fix, differentiate vulnerabilities with and without fixes, and automate remediation steps.
I specifically would like to notify my system administrators about available security updates. Currently it isn't possible to determine from Grype's CycloneDX output if a vulnerability has a patch available.
Additional context:
The information about available fixes is already present in the json format, so it shouldn't be too hard to add. The version ranges must follow the Package URL Version Range syntax (vers).