On Fri, 13 Jan 2023 at 17:01, Sergey Zhmylev <s.zhmy...@yadro.com> wrote:
> There are a lot of useful tools in this huge world of enterprise-level
> distros, especially all those stuff related to static security
> scans/audit and around SBOM collection and processing.  Those tools
> rely on some basic rules of rpm naming for their analysis and do not
> handle architectures like "genericx86_64".

Can you list the tools please? Are they under open source licenses?
What do they do that Yocto doesn't yet offer? Yocto does CVE scans,
and SBOM generation as well, so what is it that is missing?

It also goes both ways: you can figure out why the tools do not handle
architectures in a generic way and submit a patch to the respective
upstreams so that they do.

'Enterprise-level distros' means vendor lock-in and expensive
subscription fees. Precisely the thing that most or all of us here do
not want. Yes, we are not mature.

Alex