[yocto] cve-checker tool
Khem Raj
raj.khem at gmail.com
Thu Oct 27 19:34:04 PDT 2016
> On Oct 27, 2016, at 4:03 AM, Sona Sarmadi <sona.sarmadi at enea.com> wrote:
>
>
>
>> -----Original Message-----
>> From: Sona Sarmadi
>> Sent: den 27 oktober 2016 10:57
>> To: Scott Rifenbark <srifenbark at gmail.com>; 'mariano.lopez at intel.com'
>> <mariano.lopez at intel.com>; yocto at yoctoproject.org
>> Subject: cve-checker tool
>>
>> Hi guys,
>>
>> I have some questions regarding the cve-check tool. I don't find anything
>> about this tool in the Yocto 2.2 release. Does the documentation mention
>> this tool and how to use it?
>>
>> Is this tool planned to be integrated with the daily build so the Yocto project
>> can detect not-addressed CVEs automatically?
>>
>> Mariano:
>> Does this tool look at CVE tag inside the recipe as well or only checks the
>> package version?
>>
>> Can this tool be used together with "meta-security-isafw" and get a fancy
>> report?
>
> There is some useful info in the cve-check.bbclass:
>
> #In order to use this class just inherit the class in the
> # local.conf file and it will add the cve_check task for
> # every recipe. The task can be used per recipe, per image,
> # or using the special cases "world" and "universe". The
> # cve_check task will print a warning for every unpatched
> # CVE found and generate a file in the recipe WORKDIR/cve
> # directory. If an image is built it will generate a report
> # in DEPLOY_DIR_IMAGE for all the packages used.
>
> I see the following logs are generated:
> ./unzip/1_6.0-r5/cve/cve.log
> ./gnutls/3.5.3-r0/cve/cve.log
> ./glibc/2.24-r0/cve/cve.log
> ./glibc-initial/2.24-r0/cve/cve.log
> ./foomatic-filters/4.0.17-r1/cve/cve.log
> ./bzip2/1.0.6-r5/cve/cve.log
> ./libxml2/2.9.4-r0/cve/cve.log
> ./perl/5.22.1-r0/cve/cve.log
> ./expat/2.2.0-r0/cve/cve.log
> ./flex/2.6.0-r0/cve/cve.log
Perhaps you can add this info to the "How Do I" section in the wiki here:
https://wiki.yoctoproject.org/wiki/How_do_I
>
> //Sona
> --
> _______________________________________________
> yocto mailing list
> yocto at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
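As an added example (not code from the thread or from cve-check.bbclass), the per-recipe cve.log files listed above, which the class writes to WORKDIR/cve, can be rolled up into a single summary for a daily build. The script assumes the WORKDIR layout `<recipe>/<version>/cve/cve.log` shown in the message and, as an assumption not stated on the page, that each entry in cve.log carries a `CVE STATUS: Patched` or `CVE STATUS: Unpatched` line.

```shell
#!/bin/sh
# Added example, not part of the original thread or of cve-check.bbclass.
# Assumption: cve.log entries contain a line "CVE STATUS: Patched|Unpatched".

# Print "recipe version unpatched_count" for every cve.log below the
# work directory given as $1, sorted by path.
summarise_cve_logs() {
    workdir="$1"
    find "$workdir" -path '*/cve/cve.log' | sort | while read -r log; do
        ver_dir=$(dirname "$(dirname "$log")")      # .../<recipe>/<version>
        version=$(basename "$ver_dir")
        recipe=$(basename "$(dirname "$ver_dir")")
        # grep -c exits 1 when the count is 0 but still prints "0".
        unpatched=$(grep -c '^CVE STATUS: Unpatched' "$log" || true)
        printf '%s %s %s\n' "$recipe" "$version" "$unpatched"
    done
}

# Constructed sample tree mirroring two of the paths from the message;
# the CVE identifiers are placeholders, not real CVEs.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/unzip/1_6.0-r5/cve" "$root/glibc/2.24-r0/cve"
    printf 'CVE: CVE-0000-0001\nCVE STATUS: Unpatched\nCVE: CVE-0000-0002\nCVE STATUS: Patched\n' \
        > "$root/unzip/1_6.0-r5/cve/cve.log"
    printf 'CVE: CVE-0000-0003\nCVE STATUS: Patched\n' \
        > "$root/glibc/2.24-r0/cve/cve.log"
    echo "$root"
}

# Usage: summarise_cve_logs tmp/work/<arch>  (or the constructed tree below)
# sample=$(make_sample_tree); summarise_cve_logs "$sample"; rm -rf "$sample"
```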