| author | Mikko Rapeli <mikko.rapeli@linaro.org> | 2022-10-26 16:12:07 +0300 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-10-28 15:48:03 +0100 |
| commit | e12050dcadde33073dc0af4f0d8432cc80f36e38 (patch) | |
| tree | 3ac77cf548466e7cab526d78e060fb2b9c0701bd /documentation/what-i-wish-id-known.rst | |
| parent | aa5fd56b9abf9b5ab8deaf65be6e5127fb0368da (diff) | |
| download | poky-e12050dcadde33073dc0af4f0d8432cc80f36e38.tar.gz | |
dev-manual: common-tasks.rst: refactor and improve "Checking for Vulnerabilities" section
Add a subsection on how Poky and OE-Core handle CVE security issues. This
is a generic intro chapter. Also add a note that this is a process which
needs quite a bit of review and iteration to keep products and SW stack
secure, a process not a product.
Then change the "Vulnerabilities in images" chapter to
"Vulnerability check at build time" since the process applies to
anything compiled with bitbake, not just images.
Explain details of how to work with cve-check.bbclass, especially
the states Patched, Unpatched and Ignored in the generated reports.
Rename the recipe chapter to "Fixing CVE product name and version mappings"
since CVE check has some defaults which work for all recipes
but generated reports may be completely broken. Fixes are then done with
CVE_PRODUCT and CVE_VERSION.
Give some hints on how to analyze "Unpatched" CVEs by checking what happens
in other Linux distros etc.
(From yocto-docs rev: 77a9c1a9fe651bf11f1d5a723b0741dd1764b2c8)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'documentation/what-i-wish-id-known.rst')
0 files changed, 0 insertions, 0 deletions