Hello Valentin,

I have tested this new series and while it seems to run the bbclass, I think it is using a cve-summary file that doesn't have the kernel on it, and therefore it doesn't get updated.

I'm using in an offline build
    INHERIT += "vex"
And a core-image-minimal.bbappend
    inherit improve_kernel_cve_report

You might want to mention in your commit that if you want a more detailed list of vulnerabilities, you need to add:
    SPDX_INCLUDE_COMPILED_SOURCES:pn-linux-yocto = "1"

Image VEX JSON report stored in: yocto-master/build/tmp/work/qemuarm64-poky-linux/core-image-minimal/1.0/deploy-core-image-minimal-image-complete/core-image-minimal-qemuarm64.rootfs-20260129103343.json
improve_kernel_cve: Using SPDX file for extra kernel vulnerabilities scouting: yocto-master/build/tmp/work/qemuarm64-poky-linux/core-image-minimal/1.0/spdx/3.0.1/image-deploy/core-image-minimal-qemuarm64.rootfs.spdx.json
Improve CVE report with extra kernel cves: yocto-master/build/tmp/deploy/images/qemuarm64/core-image-minimal-qemuarm64.rootfs-20260129103343.scouted.json

The file generated in /build/tmp/log/cve/cve-summary.json should have the kernel in question. The ones connected with the image don't have the kernel on them.

Best regards,
Daniel

> -----Original Message-----
> From: ValentinBoudevin <[email protected]>
> Sent: Wednesday, 28 January 2026 17:38
> To: [email protected]
> Cc: Daniel Turull <[email protected]>;
> [email protected]; ValentinBoudevin
> <[email protected]>
> Subject: [PATCH v5 0/2] improve_kernel_cve_report: Add a bbclass support
>
> Changes since v4:
> - Add a new commit which contains a new recipe "vulns-native" to clone the Linux Security Vulns Repo.
> - Remove the task do_clone_kernel_cve, which is now done by the new vulns-native recipe.
> - Update the do_scout_extra_kernel_vulns task to use the new vulns-native repository path.
> - Remove variables IMPROVE_KERNEL_CVE_SRC_URI, IMPROVE_KERNEL_CVE_SRCREV, IMPROVE_KERNEL_CVE_NETWORK, IMPROVE_KERNEL_CVE_WORKDIR, and IMPROVE_KERNEL_CVE_DESTSUFFIX.
> - Modify __anonymous function to not set SRC_URI and SRCREV.
> - Update __anonymous function to use bb.data.inherits_class.
> - Update the commit message to reflect these changes.
> - Move improve_kernel_cve_report.bbclass to improve_kernel_cve_report-spdx-3.0.bbclass.
> - New improve_kernel_cve_report.bbclass to include the appropriate spdx version bbclass.
>
> Changes since v3:
> - Avoid code duplication with a new bbclass "improve_kernel_cve_report-base.bbclass".
> - Remove direct set of SRC_URI and SRCREV for offline mode.
> - Use new __anonymous function to set SRC_URI, SRCREV and task schedule do_scout_extra_kernel_vulns based on SPDX version used.
> - improve_kernel_cve_report-spdx-2.2.bbclass and improve_kernel_cve_report-spdx.bbclass are only used to define IMPROVE_KERNEL_PREFERRED_PROVIDER and IMPROVE_KERNEL_SPDX_FILE
>
> Changes since v2:
> - Fixed SRC_URI:append syntax (a space was missing with the append operator).
> - Removed unused variable debug_source_path
>
> Changes since v1:
> - IMPROVE_KERNEL_CVE_SRC_URI and IMPROVE_KERNEL_CVE_SRCREV can be used to set a different source repository or a deterministic revision.
> - IMPROVE_KERNEL_CVE_NETWORK variable can be used to use this repo offline based on existing fetch repo in DL_DIR.
> - Add support for SPDX2.2 with a new bbclass improve_kernel_cve_report-spdx-2.2.bbclass.
>
> ValentinBoudevin (2):
>   vulns: add a new recipe
>   improve_kernel_cve_report: Add a bbclass support
>
>  .../improve_kernel_cve_report-base.bbclass    | 60 +++++++++++++++++++
>  ...improve_kernel_cve_report-spdx-2.2.bbclass |  4 ++
>  ...improve_kernel_cve_report-spdx-3.0.bbclass |  4 ++
>  .../classes/improve_kernel_cve_report.bbclass |  3 +
>  .../vulns-native/vulns-native_git.bb          | 24 ++++++++
>  5 files changed, 95 insertions(+)
>  create mode 100644 meta/classes/improve_kernel_cve_report-base.bbclass
>  create mode 100644 meta/classes/improve_kernel_cve_report-spdx-2.2.bbclass
>  create mode 100644 meta/classes/improve_kernel_cve_report-spdx-3.0.bbclass
>  create mode 100644 meta/classes/improve_kernel_cve_report.bbclass
>  create mode 100644 meta/recipes-kernel/vulns-native/vulns-native_git.bb
