diff options
| author | Marta Rybczynska <rybczynska@gmail.com> | 2024-08-14 07:30:39 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-08-20 14:12:40 +0100 |
| commit | 3859ff591568ac8879be602379ded9762d5fec26 (patch) | |
| tree | cec9ae5115ac8399a6c5cbce0437a63e805ae1f5 /documentation/set_versions.py | |
| parent | 6e742bcb4f21179e87b1895aa3dc56c6bf9f7773 (diff) | |
| download | poky-3859ff591568ac8879be602379ded9762d5fec26.tar.gz | |
vex.bbclass: add a new class
The "vex" class generates the minimum information that is necessary
for VEX generation by an external CVE checking tool. It is a drop-in
replacement of "cve-check". It uses the same variables from recipes
to make the migration and backporting easier.
The goal of this class is to allow generation of the CVE list of
an image or distribution on-demand, including the latest information
from vulnerability databases. Vulnerability data changes every day,
so a status generated at build becomes out-of-date very soon.
Research done for this work shows that the current VEX formats (CSAF
and OpenVEX) do not provide enough information to generate such
rolling information. Instead, we extract the needed data from recipe
annotations (package names, CPEs, versions, CVE patches applied...)
and store for later use in the format that is an extension of the
CVE-check JSON output format.
This output can be then used (separately or with SPDX of the same
build) by an external tool to generate the vulnerability annotation
and VEX statements in standard formats.
(From OE-Core rev: 6352ad93a72e67d6dfa82e870222518a97c426fa)
Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
Signed-off-by: Samantha Jalabert <samantha.jalabert@syslinbit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'documentation/set_versions.py')
0 files changed, 0 insertions, 0 deletions