How to check the CVE status in OpenSTLinux
This article explains how to configure an OpenSTLinux Yocto build to check the CVE (Common Vulnerabilities and Exposures) status.
2 OpenEmbedded/Yocto Project®
OpenEmbedded/Yocto provides a class that checks the CVE status.
To enable a CVE status check, add the following to your configuration (conf/local.conf):
INHERIT += "cve-check"
For more information about how to configure CVE check exclusions, see the section Vulnerability check at build time.
The CVE check generates a CVE status report for each package in the <build directory>/tmp-glibc/deploy/cve/ directory.
Example for tf-a-stm32mp:
The two files contain the same information: as text in the first one, and as JSON in the second one.
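To triage the text report described above, the following added example (not part of the original article or of OpenSTLinux) parses it and lists the entries still marked Unpatched, highest score first. The field names and the blank-line-separated layout are assumed from the upstream cve-check class; the sample report, its CVE ids and its scores are constructed placeholders.

```python
import sys
from pathlib import Path

# Constructed sample (placeholder CVE ids and scores). Assumption: the
# "KEY: value" layout and field names of the upstream cve-check text report.
SAMPLE_REPORT = """\
PACKAGE NAME: tf-a-stm32mp
CVE: CVE-0000-0001
CVE STATUS: Patched
CVE SUMMARY: Constructed entry, fixed by a patch in the recipe.
CVSS v3 BASE SCORE: 5.5

PACKAGE NAME: tf-a-stm32mp
CVE: CVE-0000-0002
CVE STATUS: Unpatched
CVE SUMMARY: Constructed entry: the summary itself contains a colon.
CVSS v3 BASE SCORE: 7.8
"""

def parse_report(text):
    """Return one dict per CVE entry; entries are separated by blank lines."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            current[key.strip()] = value.strip()
        elif not line.strip():
            if "CVE" in current:
                entries.append(current)
            current = {}
    return entries

def unpatched(entries, min_score=0.0):
    """Return (package, cve, score) for Unpatched entries, highest score first."""
    rows = []
    for e in entries:
        try:
            score = float(e.get("CVSS v3 BASE SCORE", "0"))
        except ValueError:  # non-numeric score field
            score = 0.0
        if e.get("CVE STATUS") == "Unpatched" and score >= min_score:
            rows.append((e.get("PACKAGE NAME", "?"), e["CVE"], score))
    return sorted(rows, key=lambda r: -r[2])

if __name__ == "__main__":
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_REPORT
    for pkg, cve, score in unpatched(parse_report(text)):
        print(f"{pkg}\t{cve}\tCVSSv3 {score}")
```

Run it with the path of a text report from <build directory>/tmp-glibc/deploy/cve/ as the only argument; with no argument it processes the constructed sample.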