[Buildroot] [PATCH v2 6/9] support/scripts: Add a per configuration CVE checker

Matthew Weber matthew.weber at rockwellcollins.com
Fri Jul 10 12:41:14 UTC 2020


Gregory,

On Fri, Jul 10, 2020 at 6:24 AM Gregory CLEMENT
<gregory.clement at bootlin.com> wrote:
>
> This script takes as entry on stdin a JSON description of the packages
> used for a given configuration. This description is the one generated
> by "make show-info".
>
> The script generates the list of all the packages used and if they are
> affected by a CVE. The output is either a JSON or an HTML file similar
> to the one generated by pkg-stats.
>
> Signed-off-by: Gregory CLEMENT <gregory.clement at bootlin.com>

- Checked that nvd-path's default works
- HTML report formatting is cleaned up
- Still see a bunch of the parsing package version output but these
  make sense as they are for virtual packages. This should be fixed
  when using CPE
 Getting https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2004.meta
 Cannot parse package 'zlib' version ''
 Cannot parse package 'gettext' version ''
 Cannot parse package 'openssl' version ''
 Cannot parse package 'openssl' version ''

Tested-by: Matthew Weber <matthew.weber at rockwellcollins.com>


