Certain packages have CVEs whose score is higher than it needs to be, or that are not valid CVEs for the package at all.
The industry's effort to fix this is VEX (Vulnerability Exploitability eXchange) documents. These help eliminate such false positives by recording, per product and CVE, whether the vulnerability actually applies.
Common ways VEX docs can be obtained are:
- Find one published alongside the package's security advisory
- Generate one by dynamic analysis of syscalls
- Potentially, leverage something like VexHub
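Whichever way the VEX doc is obtained, a scanner consumes it the same way: a finding is only silenced when a matching statement says the product is not affected (or fixed), and a `not_affected` statement with no justification is ignored rather than trusted. The snippet below is an added example, not code from the original notes or from any VEX tooling; the OpenVEX document, the package URL and the CVE ids in it are constructed placeholders.

```python
import json

# OpenVEX statuses; only these two may silence a scanner finding.
SUPPRESSING = {"not_affected", "fixed"}
VALID_STATUS = SUPPRESSING | {"affected", "under_investigation"}

# Constructed OpenVEX document: the CVE ids and package URL are placeholders.
LIBFOO = "pkg:golang/example.invalid/libfoo@1.2.3"
VEX_DOC = json.dumps({
    "@context": "https://openvex.dev/ns/v0.2.0", "@id": "https://example.invalid/vex/0001",
    "author": "constructed example", "timestamp": "2024-01-01T00:00:00Z", "version": 1,
    "statements": [
        {"vulnerability": {"name": "CVE-0000-00001"}, "products": [{"@id": LIBFOO}],
         "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path"},
        {"vulnerability": {"name": "CVE-0000-00002"}, "products": [{"@id": LIBFOO}],
         "status": "under_investigation"},
        # Malformed: OpenVEX requires a justification or impact_statement here.
        {"vulnerability": {"name": "CVE-0000-00003"}, "products": [{"@id": LIBFOO}],
         "status": "not_affected"},
    ],
})
# Constructed scanner output as (CVE id, package URL) pairs.
FINDINGS = [("CVE-0000-00001", LIBFOO), ("CVE-0000-00002", LIBFOO),
            ("CVE-0000-00003", LIBFOO), ("CVE-0000-00004", LIBFOO)]


def index_statements(vex_json):
    """Map (cve, purl) -> statement, skipping entries that cannot be trusted."""
    index = {}
    for st in json.loads(vex_json).get("statements", []):
        status = st.get("status")
        justified = st.get("justification") or st.get("impact_statement")
        if status not in VALID_STATUS:
            continue  # unknown status: ignore rather than guess
        if status == "not_affected" and not justified:
            continue  # an unjustified not_affected must not hide a finding
        for product in st.get("products", []):
            index[(st["vulnerability"]["name"], product["@id"])] = st
    return index


def apply_vex(findings, vex_json):
    """Split findings into (kept, suppressed); suppressed records the VEX reason."""
    index = index_statements(vex_json)
    kept, suppressed = [], []
    for cve, purl in findings:
        st = index.get((cve, purl))
        if st and st["status"] in SUPPRESSING:
            suppressed.append((cve, purl, st["status"], st.get("justification")))
        else:
            kept.append((cve, purl))  # affected, under_investigation, or no statement
    return kept, suppressed
```

Keeping the status and justification on each suppressed finding preserves an audit trail of why a CVE was dropped from the report.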