Validate an OpenVEX document: @context from openvex.dev, each statement has vulnerability, products[], valid status, and — when status=not_affected — a justification. Zero network. Terminal node of the sbom-provenance-attestation chain.
OpenVEX v0.2Vulnerability DisclosureEU CRA Art.14W3C VC §13.11Zero PIIClient-side only
🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only.
Scope
Terminal node of the sbom-provenance-attestation chain (art-135→136→137). Validates an OpenVEX document per the VEX spec: correct @context, all statements carry a vulnerability reference, products array, a recognised status (not_affected/affected/fixed/under_investigation), and — critically — a justification when status=not_affected (required by the VEX specification). Supports EU CRA Article 14 coordinated disclosure readiness.