Releases: Ericsson/yocto-security-tools
Releases · Ericsson/yocto-security-tools
Release list
v1.0.1
What's Changed
- Add attestation and update documentation by @danielturull in #25
- fix version bump ci workflow by @danielturull in #26
- chore: bump version to 1.0.1 by @github-actions[bot] in #27
- workflow: increase version only after release by @danielturull in #29
- Fix/bzip edgecases fixes by @danielturull in #30
- Update changelog for v1.0.1 by @danielturull in #31
New Contributors
- @github-actions[bot] made their first contribution in #27
Full Changelog: v1.0.0...v1.0.1
v1.0.0
yocto-security-tools v1.0.0
Initial release of standalone CVE management tools for Yocto/OpenEmbedded.
Tools
- cve-metadata-extractor — Find fix commits from multiple public sources (Debian, OSV, CVEList V5, Ubuntu)
- cve-corrector — Automate CVE backporting to Yocto recipes via devtool
- cve-agent — AI-assisted conflict resolution for CVE backports
Highlights
- Plugin system for custom CVE sources and AI backends (drop
.pyfiles inextra/) - XDG Base Directory compliant storage
- Minimal dependencies: only
requestsandpackaging - Python 3.10+ supported
Install
pip install yocto-security-toolsDocumentation
See README.md (https://github.com/Ericsson/yocto-security-tools/blob/main/README.md) for usage and CONTRIBUTING.md
(https://github.com/Ericsson/yocto-security-tools/blob/main/CONTRIBUTING.md) for development guidelines.