mirror of
https://git.yoctoproject.org/poky
synced 2026-02-07 09:16:36 +01:00
e12050dcad
Add sub section to how Poky and OE-Core handle CVE security issues. This is a generic intro chapter. Also add note that this is a process which needs quite a bit of review and iteration to keep products and SW stack secure, a process not a product. Then change "Vulnerabilites in images" chapter to "Vulnerability check at build time" since the process applies to anything compiled with bitbake, not just images. Explain details of how to work with cve-check.bbclass, especially the states Patched, Unpatched and Ignored in the generated reports. Rename recipe chapter to "Fixing CVE product name and version mappings" since CVE check has some default which works for all recipes but generated reports may be completely broken. Fixes are then done with CVE_PRODUCT and CVE_VERSION. Give some hints how to analyze "Unpatched" CVEs by checking what happens in other Linux distros etc. (From yocto-docs rev: 77a9c1a9fe651bf11f1d5a723b0741dd1764b2c8) Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>