--- /dev/null
+# SPDX-License-Identifier: MIT
+
+# Perform CVE analysis on recipe SBOMs using sbom-cve-check.
+#
+# This will analyse the entire SBOM for the recipe, so the recipe itself and
+# all of the dependencies. It is expected that for most purposes
+# sbom-cve-check.bbclass is preferred as that will analyse what is deployed
+# in an image.
+
+inherit sbom-cve-check-common
+
+python do_sbom_cve_check_recipe() {
+ """
+ Task: Run sbom-cve-check analysis on a recipe SBOM.
+ """
+ sbom_path = d.expand("${DEPLOY_DIR_IMAGE}/${SPDX_RECIPE_SBOM_NAME}.spdx.json")
+ recipe = d.getVar("SPDX_RECIPE_SBOM_NAME")
+ run_sbom_cve_check(d, sbom_path, recipe)
+}
+
+addtask do_sbom_cve_check_recipe after do_create_recipe_sbom
+
+SSTATETASKS += "do_sbom_cve_check_recipe"
+do_sbom_cve_check_recipe[cleandirs] = "${SBOM_CVE_CHECK_DEPLOYDIR}"
+do_sbom_cve_check_recipe[sstate-inputdirs] = "${SBOM_CVE_CHECK_DEPLOYDIR}"
+do_sbom_cve_check_recipe[sstate-outputdirs] = "${DEPLOY_DIR_IMAGE}"
+do_sbom_cve_check_recipe[depends] += " \
+ python3-sbom-cve-check-native:do_populate_sysroot \
+ ${SBOM_CVE_CHECK_UPDATE_DB_DEPENDENCIES} \
+"
+
+python do_sbom_cve_check_recipe_setscene() {
+ sstate_setscene(d)
+}
+addtask do_sbom_cve_check_recipe_setscene
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
