cve-check: Allow warnings to be disabled

When running CVE checks in CI we're usually not interested in warnings on the console for any CVEs present. Add a configuration option CVE_CHECK_SHOW_WARNINGS to allow this to be disabled (it is left enabled by default). (From OE-Core rev: d009233f36fb866f6bdaa12fb6deedf5e253e9c9) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1054d3366ba528f2ad52585cf951e508958c5c68) Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit 8fd6a9f521ea6b1e10c80fe33968943db30991ba) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-05-04 22:39:49 +02:00 · 2022-05-29 11:51:59 +01:00
parent cc3cefdb43
commit 898aedf585
1 changed files with 2 additions and 1 deletions
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -48,6 +48,7 @@ CVE_CHECK_COPY_FILES ??= "1"
 CVE_CHECK_CREATE_MANIFEST ??= "1"

 CVE_CHECK_REPORT_PATCHED ??= "1"
+CVE_CHECK_SHOW_WARNINGS ??= "1"

 # Provide text output
 CVE_CHECK_FORMAT_TEXT ??= "1"
@@ -472,7 +473,7 @@ def cve_write_data_text(d, patched, unpatched, whitelisted, cve_data):
        write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
        write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)

-    if unpatched_cves:
+    if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1":
        bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file))

    if write_string: