Google Git
Sign in
apache / logging-site / refs/heads/feat/vex-file-blog
commitf3cd537f632368ac93d2b731bf69b33e8636c410[log] [tgz]
authorPiotr P. Karwasz <pkarwasz-github@apache.org>Mon Jul 28 18:55:10 2025 +0200
committerPiotr P. Karwasz <pkarwasz-github@apache.org>Mon Jul 28 18:55:10 2025 +0200
tree2ff5fefb26ade2a9873ccf01a02fd3dce90135e5
parent4f08288de8acd33d8dbde5ec9aac3390386f04ec [diff]
feat(blog): Add post on VEX files and the new VEX Initiative

This commit adds a new blog post titled **“How I Learned to Stop Worrying and Love the VEX.”**

The post explains:

* The role of **VEX files** (Vulnerability Exploitability eXchange) in managing dependency security.
* Why the Log4j project initially chose not to publish a VEX, and what changed.
* Lessons learned from helping other projects like Kafka.
* The launch of the **Alpha-Omega–funded VEX Initiative**, aiming to automate and improve VEX generation across Apache projects, starting with Solr.
2 files changed
tree: 2ff5fefb26ade2a9873ccf01a02fd3dce90135e5
  1. .github/
  2. .well-known/
  3. _data/
  4. _includes/
  5. _layouts/
  6. _plugins/
  7. _posts/
  8. blog/
  9. css/
  10. doaps/
  11. img/
  12. js/
  13. xml/
  14. .asf.yaml
  15. .gitignore
  16. _config.yml
  17. _log4j1-eol.adoc
  18. _sbom.adoc
  19. _threat-model-common.adoc
  20. _threat-model-log4j.adoc
  21. _threat-model-log4net.adoc
  22. _vulnerabilities.adoc
  23. charter.md
  24. Dockerfile
  25. dormant.md
  26. download.adoc
  27. Gemfile
  28. guidelines.md
  29. index.html
  30. mailing-lists.md
  31. processes.md
  32. README.md
  33. run-docker-build.sh
  34. run-jekyll.sh
  35. security.adoc
  36. support.adoc
  37. team-list.adoc
  38. what-is-logging.md
README.md

The Apache Software Foundation - Logging Website

This is the source code for the website at logging.apache.org. The staging website is at logging.staged.apache.org. The website is built using Jekyll, a static site generator.

Builds can be debugged when looking at the Buildbot output.

Develop this website

To develop content for this website, you need to make sure you have Docker installed. Once installed, you can run this command to create a docker image:

$> cd <your project folder>
$> docker build -t apache/logging_site .

or run: ./run-docker-build.sh

Whenever you change something in the Docker's dependencies, you have to recreate the Docker image. Afterwards, you can run the website.

To run the website in serve mode (running a server to quickly check your code) you'll have to run this command:

docker run --rm -p 4000:4000 --mount type=bind,src=$PWD,dst=/root/build --mount type=volume,dst=/root/build/node_modules -it apache/logging_site serve --watch --incremental

or run: ./run-jekyll.sh

Once it runs, you can reach your website at:

http://localhost:4000/

Jekyll will regenerate content as you change it and you can see all changes with hitting refresh.

If you find it necessary to connect to your Docker instance while working, you can run and connect to it with this command:

docker run --rm -p 4000:4000 --mount type=bind,src=$PWD,dst=/root/build --mount type=volume,dst=/root/build/node_modules -it  --entrypoint "/bin/bash" apache/logging_site

Deploying

Once you have committed to this branch, your changes will be built and pushed to the asf-staging branch. From there, it is published to https://logging.staged.apache.org

If you are happy with your changes, merge the staging branch to the site branch:

git checkout asf-site
git merge --ff-only asf-staging
git push