> On Oct 27, 2016, at 4:03 AM, Sona Sarmadi <sona.sarm...@enea.com> wrote:
>
>> -----Original Message-----
>> From: Sona Sarmadi
>> Sent: den 27 oktober 2016 10:57
>> To: Scott Rifenbark <srifenb...@gmail.com>; 'mariano.lo...@intel.com'
>> <mariano.lo...@intel.com>; yocto@yoctoproject.org
>> Subject: cve-checker tool
>>
>> Hi guys,
>>
>> I have some questions regarding cve-check tool. I don't find anything
>> about this tool in Yocto 2.2 release, does documentation mention this
>> tool and how to use it?
>>
>> Is this tool planned to be integrated with daily build so the Yocto project
>> can detect Not addressed CVEs automatically?
>>
>> Mariano:
>> Does this tool look at CVE tag inside the recipe as well or only checks the
>> package version?
>>
>> Can this tool be used together with "meta-security-isafw" and get a fancy
>> report?
>
> There is some useful info in the cve-check.bbclass:
>
> #In order to use this class just inherit the class in the
> # local.conf file and it will add the cve_check task for
> # every recipe. The task can be used per recipe, per image,
> # or using the special cases "world" and "universe". The
> # cve_check task will print a warning for every unpatched
> # CVE found and generate a file in the recipe WORKDIR/cve
> # directory. If an image is build it will generate a report
> # in DEPLOY_DIR_IMAGE for all the packages used.
>
> I see following logs are generated:
> ./unzip/1_6.0-r5/cve/cve.log
> ./gnutls/3.5.3-r0/cve/cve.log
> ./glibc/2.24-r0/cve/cve.log
> ./glibc-initial/2.24-r0/cve/cve.log
> ./foomatic-filters/4.0.17-r1/cve/cve.log
> ./bzip2/1.0.6-r5/cve/cve.log
> ./libxml2/2.9.4-r0/cve/cve.log
> ./perl/5.22.1-r0/cve/cve.log
> ./expat/2.2.0-r0/cve/cve.log
> ./flex/2.6.0-r0/cve/cve.log

Perhaps you can add this info to "How Do I" section in wiki here https://wiki.yoctoproject.org/wiki/How_do_I

>
> //Sona
> --
> _______________________________________________
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
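
Added example (not part of the thread and not Yocto project code): a small collector that walks the per-recipe `<recipe>/<version>/cve/cve.log` files listed above and reports the CVEs still marked unpatched. The thread does not show the contents of a `cve.log`, so the `KEY: value` record layout used here is an assumption, and the CVE ids in the sample tree are constructed placeholders.

```python
import re
from pathlib import Path

# Assumed record layout of cve.log (not shown in the thread): "KEY: value"
# lines, with one blank-line-separated record per CVE.
FIELD = re.compile(r"^(PACKAGE NAME|PACKAGE VERSION|CVE|CVE STATUS): (.*)$")

def parse_cve_log(text):
    """Return one dict per CVE record found in a cve.log body."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            m = FIELD.match(line.strip())
            if m:
                rec[m.group(1)] = m.group(2).strip()
        if "CVE" in rec:
            records.append(rec)
    return records

def unpatched_by_recipe(work_dir):
    """Map 'recipe/version' to the sorted CVE ids not marked Patched."""
    report = {}
    for log in sorted(Path(work_dir).glob("*/*/cve/cve.log")):
        recipe, version = log.parts[-4], log.parts[-3]
        open_cves = [r["CVE"] for r in parse_cve_log(log.read_text(errors="replace"))
                     if r.get("CVE STATUS", "Unpatched").lower() != "patched"]  # no status: keep it
        if open_cves:
            report[f"{recipe}/{version}"] = sorted(open_cves)
    return report

def build_sample_tree(root):
    """Constructed sample data: placeholder CVE ids, paths modelled on the thread."""
    samples = {
        "bzip2/1.0.6-r5": [("CVE-0000-0001", "Unpatched"), ("CVE-0000-0002", "Patched")],
        "expat/2.2.0-r0": [("CVE-0000-0003", "Patched")],
    }
    for path, cves in samples.items():
        pn, pv = path.split("/")
        body = "\n\n".join(
            f"PACKAGE NAME: {pn}\nPACKAGE VERSION: {pv}\nCVE: {c}\nCVE STATUS: {s}"
            for c, s in cves)
        d = Path(root, path, "cve")
        d.mkdir(parents=True)
        (d / "cve.log").write_text(body + "\n")

if __name__ == "__main__":
    import sys
    print(unpatched_by_recipe(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it with the directory that contains the per-recipe folders as its only argument; recipes with no unpatched entries are left out of the result.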