How to run CVE checks using the Yocto Project
Enable CVE check
The Yocto Project provides a cve-check class which can be enabled to scan packages for public CVEs.
The scan can be run on individual packages and also on images.
To enable the CVE check, add the following to, e.g., local.conf:
INHERIT += "cve-check"
Then run:
bitbake --runall cve_check core-image-minimal
The output lists any unpatched CVEs that were found, and several log files are created:
- Complete CVE report summary created at: .../build/tmp/log/cve/cve-summary
- Complete CVE JSON report summary created at: .../build/tmp/log/cve/cve-summary.json
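
One way to triage the JSON summary after the build, as an added example that is not part of the original page or of the Yocto Project's own tooling. It assumes the report has a top-level "package" list whose entries carry "name", "version" and an "issue" list with "id", "status", "scorev2" and "scorev3" fields; the sample report and its CVE ids are constructed placeholders.

```python
import json

# Constructed sample; the layout is an assumption about cve-summary.json.
SAMPLE_REPORT = """
{
  "version": "1",
  "package": [
    {"name": "examplelib", "version": "1.2.3", "issue": [
      {"id": "CVE-0000-0001", "status": "Unpatched", "scorev2": "5.0", "scorev3": "9.8"},
      {"id": "CVE-0000-0002", "status": "Patched", "scorev2": "4.3", "scorev3": "7.5"}]},
    {"name": "exampletool", "version": "0.9", "issue": [
      {"id": "CVE-0000-0003", "status": "Unpatched", "scorev2": "2.1", "scorev3": "0.0"},
      {"id": "CVE-0000-0004", "status": "Ignored", "scorev2": "7.5", "scorev3": "8.1"}]}
  ]
}
"""

def _score(issue):
    """Prefer CVSS v3; fall back to v2 when v3 is missing, malformed or 0.0."""
    for key in ("scorev3", "scorev2"):
        try:
            value = float(issue.get(key) or 0.0)
        except (TypeError, ValueError):
            value = 0.0
        if value > 0.0:
            return value
    return 0.0

def unpatched(report, min_score=0.0):
    """Return (package, version, cve_id, score) for Unpatched issues, highest score first."""
    rows = []
    for pkg in report.get("package", []):
        for issue in pkg.get("issue", []):
            if issue.get("status") != "Unpatched":
                continue  # Patched and Ignored entries are not findings
            score = _score(issue)
            if score >= min_score:
                rows.append((pkg.get("name"), pkg.get("version"), issue.get("id"), score))
    return sorted(rows, key=lambda r: r[3], reverse=True)

if __name__ == "__main__":
    # In a real build, load .../build/tmp/log/cve/cve-summary.json instead of the sample.
    findings = unpatched(json.loads(SAMPLE_REPORT), min_score=7.0)
    for name, version, cve, score in findings:
        print(f"{name} {version}: {cve} (CVSS {score})")
    raise SystemExit(1 if findings else 0)  # non-zero exit lets a CI job fail on findings
```

The 7.0 threshold is an arbitrary choice for the example; pick the cut-off that matches your own patching policy.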