fix: improvements product and metadata

cve_bin_tool/vex_manager/generate.py

@@ -21,17 +21,33 @@ class VEXGenerate:
             Remarks.Mitigated: "resolved",
             Remarks.FalsePositive: "false_positive",
             Remarks.NotAffected: "not_affected",
-        }
+        },
+        "csaf": {
+            Remarks.NewFound: "under_investigation",
+            Remarks.Unexplored: "under_investigation",
+            Remarks.Confirmed: "known_affected",
+            Remarks.Mitigated: "fixed",
+            Remarks.FalsePositive: "known_not_affected",
+            Remarks.NotAffected: "known_not_affected",
+        },
     }
 
     def __init__(
         self,
+        product: str,
+        release: str,
+        vendor: str,
         filename: str,
-        all_cve_data: dict[ProductInfo, CVEData],
         vextype: str,
+        all_cve_data: dict[ProductInfo, CVEData],
+        sbom: str | None = None,
         logger: Logger | None = None,
         validate: bool = True,
     ):
+        self.product = product
+        self.release = release
+        self.vendor = vendor
+        self.sbom = sbom
         self.filename = filename
         self.vextype = vextype
         self.logger = logger or LOGGER.getChild(self.__class__.__name__)
@@ -46,15 +62,18 @@ def generate_vex(self) -> None:
             None
         """
         vexgen = VEXGenerator(vex_type=self.vextype)
-        vexgen.set_product(name="generation-draft", release="1.0")
+        kwargs = {"name": self.product, "release": self.release}
+        if self.sbom:
+            kwargs["sbom"] = self.sbom
+        vexgen.set_product(**kwargs)
         if Path(self.filename).is_file():
             self.logger.warning(
                 f"Failed to write '{self.filename}'. File already exists"
             )
             self.logger.info("Generating a new filename with Default Naming Convention")
             self.filename = self.generate_vex_filename()
         vexgen.generate(
-            project_name="generation-draft",
+            project_name=self.product,
             vex_data=self.get_vulnerabilities(),
             metadata=self.get_metadata(),
             filename=self.filename,
@@ -69,12 +88,18 @@ def generate_vex_filename(self) -> str:
         """
         now = datetime.now().strftime("%Y-%m-%d.%H-%M-%S")
         filename = os.path.abspath(
-            os.path.join(os.getcwd(), f"prle.{self.vextype}.{now}.json")
+            os.path.join(
+                os.getcwd(), f"{self.product}_{self.release}_{self.vextype}.{now}.json"
+            )
         )
         return filename
 
     def get_metadata(self) -> dict:
-        metadata = {}
+        metadata = {
+            "id": f"{self.product.upper()}-{self.release}-VEX",
+            "supplier": self.vendor,
+        }
+        # other metadata can be added here
         return metadata
 
     def get_vulnerabilities(self) -> list[Vulnerability]:
@@ -86,7 +111,7 @@ def get_vulnerabilities(self) -> list[Vulnerability]:
         """
         vulnerabilities = []
         for product_info, cve_data in self.all_cve_data.items():
-            product, version, _, _ = product_info
+            product, version, vendor, _ = product_info
             for cve in cve_data["cves"]:
                 if isinstance(cve, str):
                     continue
@@ -107,6 +132,10 @@ def get_vulnerabilities(self) -> list[Vulnerability]:
                     else cve.remarks.name
                 )
                 # more details will be added using set_value()
+                bom_version = 1
+                ref = f"urn:cbt:{bom_version}/{vendor}#{product}:{version}"
+
+                vulnerability.set_value("bom_link", ref)
                 vulnerability.set_value("action", detail)
                 vulnerability.set_value("source", cve.data_source)
                 vulnerability.set_value("updated", cve.last_modified)