-
I'm gathering all rpms used in buildroot and adding them as BUILD_DEPENDENCY_OF of every rpm produced in build architecture. It is a vast matrix for some rpms. Is it the right way? Just to illustrate…
-
Yocto already has tooling to help with licensing management and I think can generate SBOMs that we can scan. But I think there's some opportunity for us to more gracefully handle backported patches. …
-
buildroot/package directory has one directory per package.
Each package directory has a .mk file.
https://github.com/teslamotors/buildroot/blob/buildroot-2019.02/package/bison/bison.mk
The di…
-
Out of curiosity I ran [emba](https://github.com/e-m-b-a/emba) today on the latest image. Below you can find an excerpt. I removed the components which had 0 CVEs to not make the list look much longer…
-
#2685 is related
Some products have multiple names and it would be good if we could handle this in an elegant way, particularly for the language and SBOM parsers although there may be some benefits…
-
During the creation of a Yocto recipe, I had to make several changes to this package's `CMakeLists.txt` file.
In my opinion the top level `CMakeLists.txt` file can be simplified.
First thing I enc…
-
### Description
The CycloneDX report could be enriched with the file location where the products are found.
### Why?
I would like to use cve-bin-tool in cases where the syft or trivy metadata…
-
I am experiencing hangs (stuck forever, manually aborted by me after 8 hours) for all `dotnet` commands when targeting `arm32v7` once the SDK is installed (not if only the runtime is installed though)…
-
Hoping for some insight on this build failure.
This is 1.5 compiled against gnu-efi 3.0.18 in Debian. All the other architectures work. It also "worked" to compile against 3.0.15, it's just the u…
-
Is there desire for PURL to support version ranges or is that out of scope? For example, to describe vulnerable versions of a package.