siemens / meta-iot2050

SIMATIC IOT2050 Isar/Debian Board Support Package
MIT License

CVE check in IoT 2050 #561

Closed SCordibella closed 2 days ago

SCordibella commented 2 months ago

Dear @jan-kiszka, I see a thread in which you are speaking about CVE check in cip-core / debian.

My guess is to perform a CVE check on every new image build, and I know that it is possible to automate this process in some build systems like Yocto.

Could you please give me a little bit more context about this activity for IoT-2050?

Best regards, Stefano.

jan-kiszka commented 2 months ago

The CVE checker - or wrapper - script the CIP project develops in https://gitlab.com/cip-project/cip-core/debian-cve-checker is for picking up Debian's reports based on an Isar image build, thus a concrete package list. When you build such an image out of meta-iot2050 yourself, you will find the input file in build/tmp/deploy/images/iot2050/iot2050-image-swu-example-iot2050-debian-iot2050.dpkg_status and can also produce such a report yourself. For meta-iot2050 and the official example image, we don't provide those files or reports from that tool, though.
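
An added example, not part of the thread and not code from debian-cve-checker: a minimal Python reader for the dpkg status format used by the .dpkg_status file mentioned above. It reduces the file to installed source packages and versions, which are the names Debian's security tracker files CVEs under. The sample stanzas are constructed and the function names are hypothetical.

```python
import re

# Constructed sample in dpkg status format, not taken from a real IOT2050 build.
SAMPLE_STATUS = """\
Package: libssl3
Status: install ok installed
Source: openssl
Version: 3.0.11-1~deb12u2
Description: Secure Sockets Layer toolkit - shared libraries
 Continuation lines start with a space.

Package: openssl
Status: install ok installed
Version: 3.0.11-1~deb12u2

Package: gcc
Status: install ok installed
Source: gcc-defaults (1.203)
Version: 4:12.2.0-3

Package: old-tool
Status: deinstall ok config-files
Version: 1.0-1
"""

def parse_stanzas(text):
    """Yield one dict of fields per blank-line-separated stanza."""
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:
                fields[key] += "\n" + line.strip()  # folded continuation line
            elif ":" in line:
                key, _, value = line.partition(":")
                fields[key] = value.strip()
        yield fields

def installed_sources(text):
    """Map source package -> version and binaries, for fully installed packages."""
    sources = {}
    for f in parse_stanzas(text):
        if f.get("Status", "").split()[-1:] != ["installed"]:
            continue  # skip removed packages that only left config files
        # "Source: name (version)" appears when the source version differs.
        m = re.match(r"(\S+)(?:\s+\((.+)\))?$", f.get("Source", f["Package"]))
        entry = sources.setdefault(
            m.group(1), {"version": m.group(2) or f["Version"], "binaries": []})
        entry["binaries"].append(f["Package"])
    return sources
```

To run it against a real build, pass the contents of the .dpkg_status file to `installed_sources()` in place of `SAMPLE_STATUS`.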

SCordibella commented 2 days ago

Thank you for your help @jan-kiszka.