git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
create-spdx-2.2.bbclass: Add CVE_CHECK_IGNORE to fixed CVEs
author Jörg Sommer <joerg.sommer@navimatix.de>
Tue, 3 Feb 2026 18:59:54 +0000 (19:59 +0100)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Mon, 9 Feb 2026 17:46:58 +0000 (17:46 +0000)
commit f8525224cb825b1aad2be240731eabafdde7612d
tree 124c2a16bfd04d362a9d032bd5ad8ad0c4cf0d6a
parent 090821f68f2b75b50f52712f15897b337f4717b8
create-spdx-2.2.bbclass: Add CVE_CHECK_IGNORE to fixed CVEs

The list of CVEs fixed by patches goes to the field *sourceInfo* in the
SBOM. But this list does not contain the CVEs marked for ignoring with the
Bitbake variable *CVE_CHECK_IGNORE*. Many recipes (e.g. openssh, glibc,
python) contain such entries and these are missing in the SBOM. Therefore,
add them to the list.

Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/classes/create-spdx-2.2.bbclass