manuals: further documentation for cve-check

This adds details about the actual implementation of vulnerability checks, about how to fix or ignore vulnerabilities in recipes, and documents the CVE_CHECK_PN_WHITELIST and CVE_CHECK_WHITELIST variables. (From yocto-docs rev: 55886d211218b3a604c2f8a29c854685ebf284dd) Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Reviewed-by: Quentin Schulz <foss@0leil.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Michael Opdenacker <michael.opdenacker@bootlin.com> 2021-08-06 12:33:04 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-08-10 11:29:46 +0100
commit: 4c7e3b64bc9cefb05fa4a995e83bb0f90160a9fc (patch)
tree: 3af0de4c8c88564f93dfe0346c142f79f1cdfee8 /documentation/ref-manual/classes.rst
parent: 23e640b80933760fdfb65ac9f764b93a3cf298b5 (diff)
download: poky-4c7e3b64bc9cefb05fa4a995e83bb0f90160a9fc.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
index 49905f2725..a98a64c432 100644
--- a/documentation/ref-manual/classes.rst
+++ b/documentation/ref-manual/classes.rst
@@ -404,6 +404,22 @@ cross-compilation tools used for building SDKs. See the
 section in the Yocto Project Overview and Concepts Manual for more
 discussion on these cross-compilation tools.
+.. _ref-classes-cve-check:
+``cve-check.bbclass``
+=====================
+The ``cve-check`` class looks for known CVEs (Common Vulnerabilities
+and Exposures) while building an image. This class is meant to be
+inherited globally from a configuration file::
+   INHERIT += "cve-check"
+You can also look for vulnerabilities in specific packages by passing
+``-c cve_check`` to BitBake. You will find details in the
+":ref:`dev-manual/common-tasks:checking for vulnerabilities`"
+section in the Development Tasks Manual.
 .. _ref-classes-debian:
 ``debian.bbclass``
author	Michael Opdenacker <michael.opdenacker@bootlin.com>	2021-08-06 12:33:04 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-08-10 11:29:46 +0100
commit	4c7e3b64bc9cefb05fa4a995e83bb0f90160a9fc (patch)
tree	3af0de4c8c88564f93dfe0346c142f79f1cdfee8 /documentation/ref-manual/classes.rst
parent	23e640b80933760fdfb65ac9f764b93a3cf298b5 (diff)
download	poky-4c7e3b64bc9cefb05fa4a995e83bb0f90160a9fc.tar.gz

diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst index 49905f2725..a98a64c432 100644 --- a/documentation/ref-manual/classes.rst +++ b/documentation/ref-manual/classes.rst
@@ -404,6 +404,22 @@ cross-compilation tools used for building SDKs. See the
404	section in the Yocto Project Overview and Concepts Manual for more	404	section in the Yocto Project Overview and Concepts Manual for more
405	discussion on these cross-compilation tools.	405	discussion on these cross-compilation tools.
406		406
		407	.. _ref-classes-cve-check:
		408
		409	``cve-check.bbclass``
		410	=====================
		411
		412	The ``cve-check`` class looks for known CVEs (Common Vulnerabilities
		413	and Exposures) while building an image. This class is meant to be
		414	inherited globally from a configuration file::
		415
		416	INHERIT += "cve-check"
		417
		418	You can also look for vulnerabilities in specific packages by passing
		419	``-c cve_check`` to BitBake. You will find details in the
		420	":ref:`dev-manual/common-tasks:checking for vulnerabilities`"
		421	section in the Development Tasks Manual.
		422
407	.. _ref-classes-debian:	423	.. _ref-classes-debian:
408		424
409	``debian.bbclass``	425	``debian.bbclass``