
CSAF

Common Security Advisory Framework

Definition

CSAF is an OASIS standard for machine-readable security advisories that replaces the older CVRF format. It defines a JSON schema for publishing vulnerability advisories, including VEX documents, in a way that automated tools can ingest and process.

Vendors publish CSAF documents so downstream consumers can programmatically determine their exposure.
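As an added illustration (not code from this page or from the CSAF project), the sketch below shows how a consumer might read a CSAF VEX document and report the status of components in its own inventory. The sample document is constructed and trimmed to the fields the code reads, the CVE id and package names are placeholders, and the function names `index_purls` and `exposure` are hypothetical. Matching on exact purl strings is a simplifying assumption.

```python
import json

# Constructed sample: a CSAF 2.0 VEX document trimmed to the fields read below.
# Product names, purls and the CVE id are placeholders, not a real advisory.
SAMPLE_CSAF = json.loads("""
{"document": {"category": "csaf_vex", "csaf_version": "2.0"},
 "product_tree": {"branches": [{"category": "vendor", "name": "Example Vendor",
   "branches": [
    {"category": "product_version", "name": "1.4.0", "product": {
      "product_id": "EX-1", "name": "examplelib 1.4.0",
      "product_identification_helper": {"purl": "pkg:pypi/examplelib@1.4.0"}}},
    {"category": "product_version", "name": "1.5.0", "product": {
      "product_id": "EX-2", "name": "examplelib 1.5.0",
      "product_identification_helper": {"purl": "pkg:pypi/examplelib@1.5.0"}}}]}]},
 "vulnerabilities": [{"cve": "CVE-0000-00000",
   "product_status": {"known_affected": ["EX-1"], "fixed": ["EX-2"]}}]}
""")


def index_purls(node, out=None):
    """Walk product_tree recursively and map product_id -> purl."""
    out = {} if out is None else out
    products = list(node.get("full_product_names", []))
    if "product" in node:
        products.append(node["product"])
    for p in products:
        purl = p.get("product_identification_helper", {}).get("purl")
        if purl:
            out[p["product_id"]] = purl
    for branch in node.get("branches", []):
        index_purls(branch, out)
    return out


def exposure(csaf, inventory):
    """Return {purl: {vuln_id: status}} for inventory items the advisory names."""
    purls = index_purls(csaf.get("product_tree", {}))
    result = {}
    for vuln in csaf.get("vulnerabilities", []):
        vuln_id = vuln.get("cve", "no-cve-id")
        for status, product_ids in vuln.get("product_status", {}).items():
            for pid in product_ids:
                if purls.get(pid) in inventory:
                    result.setdefault(purls[pid], {})[vuln_id] = status
    return result


if __name__ == "__main__":
    print(exposure(SAMPLE_CSAF, {"pkg:pypi/examplelib@1.4.0", "pkg:pypi/otherlib@2.0.0"}))
```

Inventory entries the advisory does not mention are absent from the result, which means "no statement from this vendor", not "not affected".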

