It can be useful to filter out patched issues since they are no longer vulnerable. This makes it easier to sift through which CVEs might still need to be fixed.
Signed-off-by: Dan Dedrick <ddedr...@lexmark.com>
---
 meta/classes/cve-check.bbclass | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 743bc08a4f..a486d686ae 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -35,6 +35,7 @@ CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
 CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
 CVE_CHECK_COPY_FILES ??= "1"
 CVE_CHECK_CREATE_MANIFEST ??= "1"
+CVE_CHECK_EXCLUDE_PATCHED ??= "0"
 # Whitelist for packages (PN)
 CVE_CHECK_PN_WHITELIST = "\
@@ -54,6 +55,8 @@ python do_cve_check () {
 if os.path.exists(d.getVar("CVE_CHECK_TMP_FILE")):
 patched_cves = get_patches_cves(d)
 patched, unpatched = check_cves(d, patched_cves)
+ if d.getVar("CVE_CHECK_EXCLUDE_PATCHED") == "1":
+ patched = []
 if patched or unpatched:
 cve_data = get_cve_info(d, patched + unpatched)
 cve_write_data(d, patched, unpatched, cve_data)
--
2.20.1
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
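Review bot: The new default `CVE_CHECK_EXCLUDE_PATCHED ??= "0"` in the first hunk has no comment, while the `# Whitelist for packages (PN)` block right below it does, so a reader cannot tell which output the switch affects. I would add `# Set to "1" to leave patched CVEs out of the cve-check output (only unpatched ones are written)` above it. Keeping the default at "0" is the right choice, because it preserves the full report unless someone opts in.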
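Review bot: Clearing `patched` before the `if patched or unpatched:` test in the second hunk means a recipe whose CVEs are all patched writes no data at all. Its output then looks the same as that of a recipe with no known CVEs. With the option on, the record that a fix was backported is dropped silently, which makes a later audit of the image harder. I would log the omission before discarding the list, for example `bb.note("cve-check: omitting %d patched CVE(s) from the report" % len(patched))` ahead of `patched = []`. The body of do_cve_check starts and continues outside this hunk, so whether anything else reads the patched list cannot be seen here.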