
lib: sbom30: Add action statement for affected VEX statements

VEX Affected relationships have a mandatory action statement that
indicates the mitigation for a vulnerability. Since we don't track this,
add a statement indicating that no mitigation is known.

(From OE-Core rev: 39545c955474a43d11a45d74a88a5999b02cb8b3)

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt 2 months ago
parent
commit
5d7d2981bd
1 changed file with 1 addition and 0 deletions

+ 1 - 0
meta/lib/oe/sbom30.py

@@ -685,6 +685,7 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
             to,
             spdxid_name="vex-affected",
             security_vexVersion=VEX_VERSION,
+            security_actionStatement="Mitigation action unknown",
         )
 
     def new_vex_ignored_relationship(self, from_, to, *, impact_statement):
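Review bot: The hard-coded `security_actionStatement="Mitigation action unknown"` on the vex-affected relationship leaves callers no way to record a real mitigation if one becomes known later. The neighbouring `new_vex_ignored_relationship(self, from_, to, *, impact_statement)` already takes its statement as a keyword-only argument; doing the same here, with this string as the default value, would keep current behaviour and make the field overridable. It would also help to add a short comment above the line saying that the value is a placeholder required because the field is mandatory, not an assessed statement, since a consumer of the generated document cannot otherwise tell "no mitigation exists" apart from "mitigation not tracked". If the string stays fixed, consider a named module-level constant next to `VEX_VERSION` so the wording is defined in one place.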