feat(tool): Add VEX file validation tool

README.md

@@ -47,6 +47,7 @@ For more details, see our [documentation](https://cve-bin-tool.readthedocs.io/en
     - [Scanning an SBOM file for known vulnerabilities](#scanning-an-sbom-file-for-known-vulnerabilities)
     - [Generating an SBOM](#generating-an-sbom)
     - [Generating a VEX](#generating-a-vex)
+    - [Validating VEX Files](#validating-vex-files)
     - [Triaging vulnerabilities](#triaging-vulnerabilities)
     - [Using the tool offline](#using-the-tool-offline)
     - [Using CVE Binary Tool in GitHub Actions](#using-cve-binary-tool-in-github-actions)
@@ -134,6 +135,22 @@ Valid VEX types are [CSAF](https://oasis-open.github.io/csaf-documentation/), [C
 
 The [VEX generation how-to guide](https://github.com/intel/cve-bin-tool/blob/main/doc/how_to_guides/vex_generation.md) provides additional VEX generation examples.
 
+### Validating VEX Files
+
+CVE Binary Tool includes a comprehensive VEX validation tool that ensures your VEX documents are correctly formatted and contain accurate vulnerability information:
+
+```bash
+cve-bin-tool vex-validate --vex-file-to-validate <vex_filename>
+```
+
+The validation tool supports all VEX formats (CycloneDX, CSAF, OpenVEX) and provides:
+- Schema compliance checking
+- Status transition validation
+- Missing field detection
+- Actionable error messages with specific fixes
+
+The [VEX validation how-to guide](https://github.com/intel/cve-bin-tool/blob/main/doc/how_to_guides/vex_validation.md) provides detailed validation examples and troubleshooting information.
+
 ### Triaging vulnerabilities
 
 The `--vex-file` option can be used to add extra triage data like remarks, comments etc. while scanning a directory so that output will reflect this triage data and you can save time of re-triaging (Usage: `cve-bin-tool --vex-file test.json /path/to/scan`).

cve_bin_tool/cli.py

@@ -405,6 +405,13 @@ def main(argv=None):
         default=False,
         help="Filter cves based on triage data from Vex file",
     )
+    vex_output_group.add_argument(
+        "--vex-file-to-validate",
+        action="store",
+        help="VEX file path to validate (used with vex-validate command)",
+        default="",
+    )
+
     parser.add_argument(
         "-e",
         "--exclude",
@@ -579,7 +586,25 @@ def main(argv=None):
     )
 
     with ErrorHandler(mode=ErrorMode.NoTrace):
-        raw_args = parser.parse_args(argv[1:])
+        # Check if this is a vex-validate command first
+        if len(argv) >= 2 and argv[1] == "vex-validate":
+            # For vex-validate, parse known args to avoid issues with extra arguments
+            raw_args, unknown_args = parser.parse_known_args(argv[1:])
+            # The VEX file should be the first unknown argument
+            if unknown_args:
+                vex_file_path = unknown_args[0]
+            else:
+                parser.error("vex-validate command requires a VEX file path")
+
+            # Import and run validation immediately
+            from cve_bin_tool.vex_manager.validate import validate_vex_file
+
+            exit_code = validate_vex_file(vex_file_path, logger=None, offline=False)
+            return exit_code
+        else:
+            # Normal parsing for all other commands
+            raw_args = parser.parse_args(argv[1:])
+
         args = {key: value for key, value in vars(raw_args).items() if value}
         defaults = {key: parser.get_default(key) for key in vars(raw_args)}
 
@@ -752,6 +777,26 @@ def main(argv=None):
 
         return 0
 
+    # Handle vex-validate command (this should not be reached due to early return)
+    if args.get("directory") == "vex-validate":
+        from cve_bin_tool.vex_manager.validate import validate_vex_file
+
+        # Determine VEX file path
+        vex_file_path = args.get("vex_file_to_validate") or args.get("directory")
+
+        if not vex_file_path:
+            LOGGER.error(
+                "Please provide a VEX file path using --vex-file-to-validate or as a positional argument"
+            )
+            parser.print_usage()
+            return ERROR_CODES[InsufficientArgs]
+
+        # Validate the VEX file
+        exit_code = validate_vex_file(
+            vex_file_path, LOGGER, offline=args.get("offline", False)
+        )
+        return exit_code
+
     # Offline processing
     if args["offline"]:
         # Override version check and database update arguments
@@ -983,7 +1028,7 @@ def main(argv=None):
         parser.print_usage()
         with ErrorHandler(logger=LOGGER, mode=ErrorMode.NoTrace):
             raise InsufficientArgs(
-                "Please specify a directory to scan or an input file required"
+                "Please specify a directory to scan, an input file, or use vex-validate command"
             )
 
     # Output validation

cve_bin_tool/schemas/README.txt

@@ -1,3 +1,21 @@
+CVE Binary Tool Local Schema Files
+==================================
+
+This directory contains local schema files for various formats supported by CVE Binary Tool.
+These schemas enable offline validation and faster processing by avoiding network downloads.
+
+Schema Files:
+- bom-1.4.schema.json: CycloneDX BOM format schema
+- csaf_json_schema.json: CSAF VEX format schema  
+- openvex_json_schema.json: OpenVEX format schema
+- cyclonedx_gen.xsd: CycloneDX XML schema (generated)
+- Various other XSD files for XML validation
+
+To update schemas, download the latest versions from official sources:
+- CycloneDX: https://raw.githubusercontent.com/CycloneDX/specification/master/schema/
+- CSAF: https://raw.githubusercontent.com/oasis-tcs/csaf/master/csaf_2.0/json_schema/
+- OpenVEX: https://raw.githubusercontent.com/openvex/spec/main/.schemas/
+
 The cyclconedx_gen.xsd is an amalgamation of cyclonedx.xsd and cyclonedx_spdx.xsd. References
 to spdx namespace in the cyclonedx.xsd is changed to bom.