Configuration

Vexy will query the data sources you configured to obtain current known vulnerability information that relates to the Open Source components included in your input SBOM.

Data Sources are configured in a YAML formatted file which is supplied to vexy using the -c or --config flag at the command line. A configuration file MUST be supplied to run vexy.

Configuration File Format

Currently, the configuration file is used only to describe which data sources you would like vexy to utilise and any configuration that datasource requires - e.g. authentication details.

An example configuration file might look as follows:

sources:
    ossindex:
        username: <your-username>
        password: <your-password>
    osv:

For details of what data sources are available and their specific configuration - see Data Sources.