Hi Marta
>
> The discussion in this thread is in fact related to what we have in sessions
> about SRTools. Would you be willing to join?
>
I remember that the meetings were announced via the mailing lists. But
I can no longer find them and they are not listed on
https://www.yoctoproject.org/com
I will reply here to multiple issues raised in this thread.
On Tue, Jan 2, 2024 at 10:46 PM Adrian Freihofer
wrote:
>
> On Tue, 2024-01-02 at 09:24 +0200, Mikko Rapeli wrote:
> > Hi,
> >
> > On Sat, Dec 23, 2023 at 02:47:36AM -0800, fabian.hanke via
> > lists.yoctoproject.org wrote:
> > > Hello Y
Hello and thank you for the feedback so far,
> The cve-check tooling can check which issues are present and which are fixed
> in some way so that information is there.
I guess our security department wants a standardized format for all product
teams and not use individual tooling for each team
Hi,
On Tue, Jan 02, 2024 at 10:46:21PM +0100, adrian.freiho...@gmail.com wrote:
> On Tue, 2024-01-02 at 09:24 +0200, Mikko Rapeli wrote:
> > Hi,
> >
> > On Sat, Dec 23, 2023 at 02:47:36AM -0800, fabian.hanke via
> > lists.yoctoproject.org wrote:
> > > Hello Yocto community,
> > >
> > > we must p
On Tue, 2024-01-02 at 09:24 +0200, Mikko Rapeli wrote:
> Hi,
>
> On Sat, Dec 23, 2023 at 02:47:36AM -0800, fabian.hanke via
> lists.yoctoproject.org wrote:
> > Hello Yocto community,
> >
> > we must provide a SBOM for our Yocto based product which will then
> > be used for (internal) CVE scanning
Hi,
On Sat, Dec 23, 2023 at 02:47:36AM -0800, fabian.hanke via
lists.yoctoproject.org wrote:
> Hello Yocto community,
>
> we must provide a SBOM for our Yocto based product which will then be used
> for (internal) CVE scanning by the security department. Generating the base
> document in cyclo
Hello,
I don't know if it will help, but in our company we modified cve-check.bbclass
so it is linked to our JIRA.
At the first build, it creates a ticket for every active CVE.
We analyse CVEs on JIRA and close tickets that are not relevant for our
product.
At next builds, modified cve-check.bbclass chec
On Sat, 2023-12-23 at 02:47 -0800, fabian.hanke via lists.yoctoproject.org
wrote:
> we must provide a SBOM for our Yocto based product which will then be
> used for (internal) CVE scanning by the security department.
> Generating the base document in CycloneDX format is fairly easy
> (thanks to th
Hello Yocto community,
we must provide a SBOM for our Yocto based product which will then be used for
(internal) CVE scanning by the security department. Generating the base
document in CycloneDX format is fairly easy (thanks to the nature of Yocto).
But we do not know how to include informatio