Open alexgg opened 3 years ago
[alexgg] This issue has attached support thread https://jel.ly.fish/3d1f8739-9616-4a52-b02d-5b1dc85ba236
Links to https://github.com/balena-io/balena-io/issues/1070 to cover containers too.
[alexgg] This issue has attached support thread https://jel.ly.fish/f278bbb8-4a9e-43d3-81a7-cf7f55ba9ab7
Enabling the cve check class (https://github.com/openembedded/openembedded-core/blob/master/meta/classes/cve-check.bbclass) we can create cve vulberablities reports at build time against the national vulnerability database (https://nvd.nist.gov/).
Even though these reports need to be manually analysed and actions scheduled, it would provide a base line for comparison and might be useful information for customers.