[yocto-security] Import cve-check to srtool
Burton, Ross
ross.burton at intel.com
Tue Mar 12 14:25:12 PDT 2019
On Tue, 12 Mar 2019 at 21:12, Daniel Wang <xiaolong.wang at anki.com> wrote:
> I just heard about Yocto srtool. It looks fantastic! I’m wondering is there a way to automatically import cve-check from Yocto build process to strool somehow? I have not be able to find a way to do so.
What do you expect the import to be? Remember that the cve-check-tool
output *needs* to be reviewed by a human, so srtool is effectively
that review using its own copy of the CVE database.
Ross
More information about the yocto-security
mailing list