From 313a99c6948b417138ef422ad26b6318c1e1a8e7 Mon Sep 17 00:00:00 2001 From: fahed dorgaa Date: Tue, 7 Apr 2026 11:54:01 +0200 Subject: [PATCH 1/2] Add vens - context-aware vulnerability risk scoring --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5467d34..ba6c5e7 100644 --- a/README.md +++ b/README.md @@ -227,6 +227,7 @@ Testing is an essential element of a DevSecOps program because it helps to prepa * [ShiftLeft Scan](https://slscan.io) * [Snyk](https://snyk.io) * [SourceClear](https://www.sourceclear.com) +* [vens](https://github.com/venslabs/vens) - Context-aware vulnerability risk scoring CLI that generates CycloneDX VEX with OWASP risk scores from Trivy/Grype reports using LLM analysis. ## Alerting From f8a17b33b23141d97f268ddde1a28e4c32cd70d5 Mon Sep 17 00:00:00 2001 From: fahed dorgaa Date: Tue, 7 Apr 2026 12:00:32 +0200 Subject: [PATCH 2/2] docs: simplify vens description --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ba6c5e7..acce6f5 100644 --- a/README.md +++ b/README.md @@ -227,7 +227,7 @@ Testing is an essential element of a DevSecOps program because it helps to prepa * [ShiftLeft Scan](https://slscan.io) * [Snyk](https://snyk.io) * [SourceClear](https://www.sourceclear.com) -* [vens](https://github.com/venslabs/vens) - Context-aware vulnerability risk scoring CLI that generates CycloneDX VEX with OWASP risk scores from Trivy/Grype reports using LLM analysis. +* [vens](https://github.com/venslabs/vens) - Prioritize vulnerabilities by real risk, not just CVSS. Takes a Trivy or Grype scan and scores each CVE based on your system's actual context. ## Alerting
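Review bot: In PATCH 1/2, the added `* [vens](https://github.com/venslabs/vens) - ...` line carries a long trailing description, while the three context entries around it (ShiftLeft Scan, Snyk, SourceClear) are bare links. Either shorten it to a link plus a few words or confirm that other entries in this list carry descriptions. Also, the entry describes a tool that consumes Trivy/Grype reports and scores them rather than a scanner in its own right, so check that the list ending just before `## Alerting` is the right home for it. Alphabetical placement after SourceClear looks consistent with the visible neighbours.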
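Review bot: In PATCH 2/2, the replacement description drops the concrete facts the removed line stated (CycloneDX VEX output, OWASP risk scores, LLM analysis) in favour of second-person promotional wording ("real risk, not just CVSS", "your system's actual context"). For a curated list, keep a neutral one-sentence description and retain at least the mention that scoring uses LLM analysis, since that affects how a reader evaluates feeding scan reports to the tool. This commit only rewrites the line introduced in PATCH 1/2, so the two could be squashed into a single change.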