author | Joshua Watt <JPEWhacker@gmail.com> | 2025-03-05 14:00:30 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2025-03-06 16:33:20 +0000 |
commit | 5d7d2981bdbb0e3c1d02c037f8dcf79cffead00d (patch) | |
tree | d4baebdeeb26bcd5a523106cf6e1feea9a108b42 /meta/lib | |
parent | b34f84dce855a149a465159e09161ff7a79e65c5 (diff) | |
download | poky-5d7d2981bdbb0e3c1d02c037f8dcf79cffead00d.tar.gz |
lib: sbom30: Add action statement for affected VEX statements
VEX Affected relationships have a mandatory action statement that
indicates the mitigation for a vulnerability. Since we don't track this,
add a statement indicating that no mitigation is known.
(From OE-Core rev: 39545c955474a43d11a45d74a88a5999b02cb8b3)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/lib')
-rw-r--r-- | meta/lib/oe/sbom30.py | 1 |
1 files changed, 1 insertions, 0 deletions
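--- a/meta/lib/oe/sbom30.py
+++ b/meta/lib/oe/sbom30.py
@@ -685,6 +685,7 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
 to,
 spdxid_name="vex-affected",
 security_vexVersion=VEX_VERSION,
+security_actionStatement="Mitigation action unknown",
 )
 
 def new_vex_ignored_relationship(self, from_, to, *, impact_statement):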
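Review bot: The action statement is a string literal fixed at the call that builds the `vex-affected` relationship, so every affected vulnerability in a generated SBOM will carry the same placeholder and a caller that does know a mitigation cannot record it. Consider a keyword-only argument with this text as its default, mirroring `impact_statement` on `new_vex_ignored_relationship` just below: `action_statement="Mitigation action unknown"` in the signature and `security_actionStatement=action_statement,` here. A short comment such as `# Placeholder: mitigations are not tracked; the field is mandatory for VEX affected` would also tell readers of the SBOM code that the value is not an assessment. The enclosing method starts outside the hunk, so its current signature is not visible and the parameter suggestion assumes it can accept another keyword.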