How to run CVE checks using the Yocto Project

From KoanSoftware Wiki
Revision as of 15:11, 18 July 2024 by Koan


Enable CVE check

The Yocto Project provides a cve-check class which, once enabled, scans packages for publicly known CVEs.

The scan can be run on individual packages and also on whole images.

To enable the CVE check you can add the following to e.g. local.conf:

 INHERIT += "cve-check"

Then run

bitbake --runall cve_check core-image-minimal

The build output lists any unpatched CVEs that were found, and several log files are written:

  • Complete CVE report summary created at: .../build/tmp/log/cve/cve-summary
  • Complete CVE JSON report summary created at: .../build/tmp/log/cve/cve-summary.json
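As an added example (not part of the wiki page or the Yocto Project), a small Python script that reads the cve-summary.json report named above, lists only the entries still marked Unpatched per package, and provides a severity gate for use in CI. The JSON field names are assumed from the cve-check class's output and the sample report is constructed with placeholder CVE ids.

```python
import json
from collections import defaultdict

# Constructed sample in the shape cve-check writes to tmp/log/cve/cve-summary.json.
# Field names are assumed from the cve-check class; CVE ids are placeholders.
SAMPLE_REPORT = """{
  "version": "1",
  "package": [
    {"name": "busybox", "layer": "meta", "version": "1.36.1",
     "products": [{"product": "busybox", "cvesInRecord": "Yes"}],
     "issue": [
       {"id": "CVE-0000-0001", "summary": "placeholder", "scorev2": "5.0",
        "scorev3": "7.5", "vector": "NETWORK", "status": "Unpatched", "link": ""},
       {"id": "CVE-0000-0002", "summary": "placeholder", "scorev2": "2.1",
        "scorev3": "3.3", "vector": "LOCAL", "status": "Patched", "link": ""},
       {"id": "CVE-0000-0003", "summary": "placeholder", "scorev2": "4.3",
        "scorev3": "9.8", "vector": "NETWORK", "status": "Ignored", "link": ""}]},
    {"name": "zlib", "layer": "meta", "version": "1.3",
     "products": [{"product": "zlib", "cvesInRecord": "Yes"}],
     "issue": [
       {"id": "CVE-0000-0004", "summary": "placeholder", "scorev2": "5.0",
        "scorev3": "5.3", "vector": "NETWORK", "status": "Unpatched", "link": ""}]}
  ]
}"""


def load_report(text):
    """Parse the contents of a cve-summary.json file."""
    return json.loads(text)


def unpatched_issues(report, min_cvss3=0.0):
    """Map package name -> [(cve_id, cvss3)] for issues still marked Unpatched.
    Patched and Ignored entries are skipped; min_cvss3 filters on the v3 score."""
    found = defaultdict(list)
    for pkg in report.get("package", []):
        for issue in pkg.get("issue", []):
            if issue.get("status") != "Unpatched":
                continue
            score = float(issue.get("scorev3") or 0.0)  # scores may be strings
            if score >= min_cvss3:
                found[pkg["name"]].append((issue["id"], score))
    return dict(found)


def fails_gate(report, max_allowed_cvss3=7.0):
    """True if any unpatched CVE reaches the threshold (use as a CI gate)."""
    return bool(unpatched_issues(report, max_allowed_cvss3))
```

Feed load_report the contents of tmp/log/cve/cve-summary.json from a real build and use the result of fails_gate as the exit status of a CI step.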