TimesysGit / vigiles-openwrt

Vulnerability management tool that provides OpenWRT SBOM generation and CVE Analysis of target images.

vigiles-openwrt does not detect all packages configured in the openwrt build config. #3

Open phearus opened 2 years ago

phearus commented 2 years ago

vigiles-openwrt does not detect all packages configured in the openwrt build config.

Some configured packages from base openwrt buildroot are excluded that should not be. It seems to only select a small subset of packages from the openwrt buildroot config.

Also all packages configured in the config that exist in the openwrt feeds are excluded.

These packages are all included through the standard OpenWrt build process, thus we should not have to specify them using the -A / --additional-packages mechanism.

iancampbell commented 2 years ago

Thanks for bringing this issue to our attention.

To help us debug this issue further please share the following if you are able to:

If you would prefer, we can handle the transfer of this information through our support portal. A new support ticket can be created here: https://linuxlink.timesys.com/support/new/

phearus commented 2 years ago

Thanks @iancampbell.

I have reproduced this issue in support ticket https://linuxlink.timesys.com/support/60104.

I am checking with appropriate authorities that we can share those files.