Re: CVE metrics tracking from the autobuilder

Anuj Mittal

Hi Richard,

On Wed, 2022-05-25 at 14:30 +0100, Richard Purdie wrote:
I'm happy to say that automatic CVE metric tracking is now on the
autobuilder and automatically feeding to:

and the git repository that backs it:
This is very nice.

This is working for dunfell/kirkstone/master. It is enabled for
honister but doesn't work since the json CVE output for honister

Not sure if we want to add the json CVE output to honister to enable
that for the short time that release has left?
Yeah, there is only a week left and I wasn't planning to take those
patches in my final pull request.



I plan to run the autobuilder job powering this nightly.

Currently it adds a json file for each run into the yocto-metrics
repository. These are 6MB each though so we're going to get into
amounts of data rather quickly so I may have to adjust it to just
the latest. It would also help the size to use tabs instead of spaces
for indentation.

The autobuilder job currently throws warnings but I think Ross said
he'd send a patch to allow that to be configurable.

Also, this doesn't send the CVE emails Steve currently sends. It
be possible to add, I'm hoping someone might like to send some



Join { to automatically receive all group messages.