OpenEmbedded meta-layer that allows producing a vulnerability manifest alongside a Yocto build. The produced manifest is suitable for ongoing vulnerability scanning of fielded software.
meta-fbvuln
An OpenEmbedded layer containing a class for collecting vulnerability management metadata for continuous vulnerability scanning of target images.
The processing performed by this class is derived from the cve-check.bbclass in oe-core.
Usage
Add this layer to your bblayers.conf:
echo 'BBLAYERS += "/path/to/meta-fbvuln"' >> conf/bblay