VEXGen is an automated tool for generating VEX (Vulnerability Exploitability eXchange) and TIX (Threat Intelligence eXchange) documents from GitHub repositories.

• 🔍 Automatic SBOM Discovery - Finds and processes Software Bill of Materials files
• 🧠 Smart Code Analysis - Multi-language analyzer detects actual component usage
• 📊 Vulnerability Assessment - Determines exploitability using package affected artefacts
• 📦 VEX/TIX Generation - Creates standards-compliant security documents

1. Docker - Container runtime
2. Docker Compose - Multi-container orchestration
3. MongoDB Compass (optional) - MongoDB GUI
4. Neo4j Browser - Graph database visualization (runs on container)
5. Python 3.14+ - For local development

git clone https://github.com/securechaindev/securechain-vexgen.git
cd securechain-vexgen

Create a .env file from .env.template:

cp .env.template .env

Edit .env with your configuration:

• GitHub: Personal Access Token
• JWT Secret: Generate with openssl rand -base64 32

docker network create securechain

Download database dumps from Zenodo, unzip, and run:

docker compose up --build

The MongoDB and Neo4j containers will be seeded automatically.

docker compose -f dev/docker-compose.yml up --build

• VEXGen API: http://localhost:8002
• API Docs: http://localhost:8002/docs
• Auth API: http://localhost:8001/docs
• Neo4j Browser: http://localhost:7474
• MongoDB: mongodb://localhost:27017

The project uses Python 3.14 and uv as the package manager for faster and more reliable dependency management.

1. Install uv (if not already installed):

   curl -LsSf https://astral.sh/uv/install.sh | sh

2. Activate the virtual environment (uv creates it automatically):

   uv venv
   source .venv/bin/activate

3. Install dependencies:

   uv sync

# Install test dependencies
uv sync --extra test

# Run all tests
uv run pytest

# Run tests with coverage report
uv run pytest --cov=app --cov-report=term-missing --cov-report=html

# Run specific test file
uv run pytest tests/unit/controllers/test_graph_controller.py -v

# Run only unit tests
uv run pytest tests/unit/ -v

# Install linter
uv sync --extra dev

# Linting
uv run ruff check app/

# Formatting
uv run ruff format app/

Pull requests are welcome! To contribute follow this guidelines.

GNU General Public License v3.0

• Secure Chain Team
• Secure Chain Organization
• Secure Chain Documentation