> -----Original Message-----
> From: Sona Sarmadi
> Sent: den 27 oktober 2016 10:57
> To: Scott Rifenbark <srifenb...@gmail.com>; 'mariano.lo...@intel.com'
> <mariano.lo...@intel.com>; yocto@yoctoproject.org
> Subject: cve-checker tool
>
> Hi guys,
>
> I have some questions regarding cve-check tool. I don't find anything
> about this tool in Yocto 2.2 release, does documentation mention this
> tool and how to use it?
>
> Is this tool planned to be integrated with daily build so the Yocto project
> can detect Not addressed CVEs automatically?
>
> Mariano:
> Does this tool look at CVE tag inside the recipe as well or only checks the
> package version?
>
> Can this tool be used together with "meta-security-isafw" and get a fancy
> report?

There is some useful info in the cve-check.bbclass:

#In order to use this class just inherit the class in the
# local.conf file and it will add the cve_check task for
# every recipe. The task can be used per recipe, per image,
# or using the special cases "world" and "universe". The
# cve_check task will print a warning for every unpatched
# CVE found and generate a file in the recipe WORKDIR/cve
# directory. If an image is build it will generate a report
# in DEPLOY_DIR_IMAGE for all the packages used.

I see the following logs are generated:

./unzip/1_6.0-r5/cve/cve.log
./gnutls/3.5.3-r0/cve/cve.log
./glibc/2.24-r0/cve/cve.log
./glibc-initial/2.24-r0/cve/cve.log
./foomatic-filters/4.0.17-r1/cve/cve.log
./bzip2/1.0.6-r5/cve/cve.log
./libxml2/2.9.4-r0/cve/cve.log
./perl/5.22.1-r0/cve/cve.log
./expat/2.2.0-r0/cve/cve.log
./flex/2.6.0-r0/cve/cve.log

//Sona
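
Added example (not from the mail or from the cve-check class itself): Python that walks a work directory for the per-recipe `cve/cve.log` files listed above, decodes recipe, epoch, version and revision from each path, and lists the CVEs marked unpatched. The `CVE:` / `CVE STATUS:` line layout, the function names and the placeholder CVE ids are assumptions; the mail does not show the log contents.

```python
import re
import tempfile
from pathlib import Path

# Layout seen in the mail: <recipe>/<[epoch_]version-revision>/cve/cve.log
# ("1_6.0-r5" is epoch 1, version 6.0, revision r5).
VERSION_DIR = re.compile(r"^(?:(?P<epoch>\d+)_)?(?P<version>.+)-(?P<revision>r\d+)$")

def parse_log_path(path):
    """Split a cve.log path into recipe, epoch, version and revision."""
    parts = Path(path).parts
    if len(parts) < 4 or parts[-2:] != ("cve", "cve.log"):
        raise ValueError(f"not a cve-check log path: {path}")
    m = VERSION_DIR.match(parts[-3])
    if m is None:
        raise ValueError(f"unexpected version directory: {parts[-3]}")
    return {"recipe": parts[-4], "epoch": int(m["epoch"] or 0),
            "version": m["version"], "revision": m["revision"]}

def unpatched_cves(log_text):
    """Return CVE ids whose status is Unpatched (record layout is assumed)."""
    found, current = [], None
    for line in log_text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "CVE":
            current = value
        elif key == "CVE STATUS":
            if value == "Unpatched" and current:
                found.append(current)
            current = None  # a status line closes the record
    return found

def summarize(work_dir):
    """Map 'recipe version' -> unpatched CVE ids for each cve.log found."""
    report = {}
    for log in sorted(Path(work_dir).glob("**/cve/cve.log")):
        info = parse_log_path(log)
        cves = unpatched_cves(log.read_text())
        if cves:
            report[f"{info['recipe']} {info['version']}"] = cves
    return report

def demo():
    """Build a constructed work tree (placeholder CVE ids) and summarize it."""
    sample = {"unzip/1_6.0-r5": "CVE: CVE-0000-0001\nCVE STATUS: Unpatched\n\n"
                                "CVE: CVE-0000-0002\nCVE STATUS: Patched\n",
              "bzip2/1.0.6-r5": "CVE: CVE-0000-0003\nCVE STATUS: Patched\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in sample.items():
            log = Path(tmp, rel, "cve", "cve.log")
            log.parent.mkdir(parents=True)
            log.write_text(text)
        return summarize(tmp)
```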