MIRRORS/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky.git synced 2025-07-19 21:09:03 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

lib: sbom30: Add action statement for affected VEX statements

Browse Source 
VEX Affected relationships have a mandatory action statement that
indicates the mitigation for a vulnerability. Since we don't track this
add a statement indicating that no mitigation is known.

(From OE-Core rev: 39545c955474a43d11a45d74a88a5999b02cb8b3)

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Joshua Watt 2025-03-05 14:00:30 -07:00 committed by Richard Purdie
parent b34f84dce8
commit 5d7d2981bd
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
meta/lib/oe/sbom30.py
View File

@ -685,6 +685,7 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
to,
spdxid_name="vex-affected",
security_vexVersion=VEX_VERSION,
security_actionStatement="Mitigation action unknown",
)
def new_vex_ignored_relationship(self, from_, to, *, impact_statement):