On 1 Apr 2026, at 13:29, Daniel Turull <[email protected]> wrote: > The kernel scripts to check CVEs uses the vex output as input. > https://git.openembedded.org/openembedded-core/tree/scripts/contrib/improve_kernel_cve_report.py
I believe this functionality is also superceded by sbom-cve-check, as the recommended configuration fragment sets SPDX_INCLUDE_COMPILED_SOURCES:pn-linux-yocto = “1”. Would you be able to verify this, we might be able to deprecate/remove this script too in master. Ross
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#234529): https://lists.openembedded.org/g/openembedded-core/message/234529 Mute This Topic: https://lists.openembedded.org/mt/118596049/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
