[Buildroot] [PATCH v4 0/5] CPE ID Support
Matt Weber
matthew.weber at rockwellcollins.com
Thu May 10 18:58:49 UTC 2018

This series begins adding CPE identifier support to Buildroot. The
intent is to establish and maintain a baseline of CPE IDs, one for each
package. Each of these IDs ties back to a NIST database entry for the
respective piece of software, which is linked to specific vulnerabilities.

Within Buildroot, a CPE report can be generated (like legal-info) that
captures a target build's list of CPE IDs. This report can then be
checked for validity using the pkgstat script or another third-party tool.
The pkgstats script has been extended to provide CPE ID checking of
matching/requires update/new as part of its html output.

As part of testing this series, the following branch contains a series
of fixups required to make these specific packages match the database.
(I can submit these to the mailing list but there are ~70 of them)

https://github.com/rc-matthew-l-weber/buildroot/tree/cpe-info-github
Commit 14c3ee6 to 567732d

A follow-on patchset will be submitted adding support for pkgstat generation
of CPE updates in XML and Buildroot manual updates for guidance on submission
of those XML database updates to the NIST organization. (We'd like to get
feedback on this series first to save us effort on the update XML stuff)

Matt Weber (5):
  cpe-info: new make target
  cpe-info: id prefix/suffix
  cpe-info: only report target pkgs
  cpe-info: update manual for new pkg vars
  support/scripts/pkgstats: add CPE reporting

 Makefile                                | 17 ++-
 docs/manual/adding-packages-generic.txt | 117 ++++++++++++--------
 package/Makefile.in                     | 4 +
 package/pkg-generic.mk                  | 21 ++++
 package/pkg-utils.mk                    | 8 ++
 support/scripts/pkg-stats               | 188 +++++++++++++++++++++++++++++---
 6 files changed, 293 insertions(+), 62 deletions(-)

--
1.9.1
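
The matching / requires update / new check described in the cover letter above, sketched as an added Python example; it is not code from this patch series or from pkg-stats. It assumes IDs in CPE 2.3 formatted-string form, and assumes the three states mean: exact entry present in the dictionary, vendor/product known but this version absent, and vendor/product absent. The dictionary entries and package IDs are constructed.

```python
import re

# CPE 2.3 formatted string: "cpe:2.3:" followed by 11 attributes.
FIELDS = ("part", "vendor", "product", "version", "update", "edition",
          "language", "sw_edition", "target_sw", "target_hw", "other")
PREFIX = "cpe:2.3:"

def parse_cpe(cpe):
    """Split a CPE 2.3 formatted string into its 11 named attributes."""
    if not cpe.startswith(PREFIX):
        raise ValueError("not a CPE 2.3 formatted string: %r" % cpe)
    # Split on ':' unless it is escaped as '\:' inside a value.
    values = re.split(r"(?<!\\):", cpe[len(PREFIX):].lower())
    if len(values) != len(FIELDS):
        raise ValueError("expected %d attributes in %r" % (len(FIELDS), cpe))
    return dict(zip(FIELDS, values))

def classify(cpe, dictionary):
    """Return 'matching', 'requires update' or 'new' (assumed semantics)."""
    want = parse_cpe(cpe)
    known = [parse_cpe(entry) for entry in dictionary]
    if want in known:
        return "matching"
    key = (want["part"], want["vendor"], want["product"])
    same_product = any((k["part"], k["vendor"], k["product"]) == key
                       for k in known)
    return "requires update" if same_product else "new"

def check_report(report, dictionary):
    """Classify every package -> CPE ID pair of a build's report."""
    return {pkg: classify(cpe, dictionary) for pkg, cpe in report.items()}

# Constructed sample data: not real dictionary entries or Buildroot packages.
DICTIONARY = [
    "cpe:2.3:a:examplevendor:examplelib:1.2.0:*:*:*:*:*:*:*",
    "cpe:2.3:a:examplevendor:exampletool:3.1:*:*:*:*:*:*:*",
]
REPORT = {
    "examplelib": "cpe:2.3:a:examplevendor:examplelib:1.2.0:*:*:*:*:*:*:*",
    "exampletool": "cpe:2.3:a:examplevendor:exampletool:3.2:*:*:*:*:*:*:*",
    "newpkg": "cpe:2.3:a:othervendor:newpkg:0.9:*:*:*:*:*:*:*",
}

if __name__ == "__main__":
    for pkg, state in sorted(check_report(REPORT, DICTIONARY).items()):
        print("%-12s %s" % (pkg, state))
```

A package that lands in "requires update" or "new" has no exact dictionary entry, so a lookup by its exact ID finds nothing to link vulnerabilities to.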