yocto-autobuilder-helper/scripts/cve-report.py

#!/usr/bin/env python3

import os, sys
import json

jsonfile = sys.argv[1]

ignored_recipes = ("linux-yocto", "db", "db-native")

with open(jsonfile) as f:
    cvedata = json.load(f)

cves = dict()

for recipe in cvedata['package']:
    if recipe['name'] in ignored_recipes:
        continue
    if 'issue' not in recipe:
        continue
    for i in recipe['issue']:
        if i['status'] == "Unpatched":
            if i["id"] in cves:
                cves[i["id"]] += ":" + recipe['name']
            else:
                 cves[i["id"]] = recipe['name']

print("Found %d unpatched CVEs" % len(cves))
for cve in sorted(cves.keys()):
    print("%s: %s https://web.nvd.nist.gov/view/vuln/detail?vulnId=%s *" % (cve, cves[cve], cve))