Re: CVE metrics tracking from the autobuilder

Home Messages Hashtags Subgroups

Anuj Mittal #57186 Hi Richard, On Wed, 2022-05-25 at 14:30 +0100, Richard Purdie wrote: I'm happy to say that automatic CVE metric tracking is now on the autobuilder and automatically feeding to: https://autobuilder.yocto.io/pub/non-release/patchmetrics/ and the git repository that backs it: https://git.yoctoproject.org/yocto-metrics/log/ This is very nice. This is working for dunfell/kirkstone/master. It is enabled for honister but doesn't work since the json CVE output for honister isn't there. Not sure if we want to add the json CVE output to honister to enable that for the short time that release has left? Yeah, there is only a week left and I wasn't planning to take those patches in my final pull request. Thanks, Anuj I plan to run the autobuilder job powering this nightly. Currently it adds a json file for each run into the yocto-metrics repository. These are 6MB each though so we're going to get into silly amounts of data rather quickly so I may have to adjust it to just write the latest. It would also help the size to use tabs instead of spaces for indentation. The autobuilder job currently throws warnings but I think Ross said he'd send a patch to allow that to be configurable. Also, this doesn't send the CVE emails Steve currently sends. It would be possible to add, I'm hoping someone might like to send some patches! Cheers, Richard
More All Messages By This Member

Join {yocto@lists.yoctoproject.org to automatically receive all group messages.