Hi all The yocto scanner integration in warning-ng plugin is released
https://plugins.jenkins.io/warnings-ng/releases/ What does it mean for people that are using Jenkins and yocto in their CI? They can record their issues on a complete dashboard with a simple step recordIssues sourceCodeRetention: 'LAST_BUILD', tools: [yoctoScanner(pattern: "cves.json")] Navigate the issues and find what are the vulnerabilities, go through the link and find the patches, using devtool to override the project, apply the patches and provide to their meta layer and then upstream, have a consistent history of vulnerability on building history. https://github.com/jenkinsci/warnings-ng-plugin This is a really small contribution possible only because there are other people working on opensource. Michael On Sun, Sep 15, 2024 at 5:30 PM Michael Nazzareno Trimarchi via lists.yoctoproject.org <michael=amarulasolutions....@lists.yoctoproject.org> wrote: > > Hi > > On Sat, Sep 14, 2024 at 9:27 PM Khem Raj <raj.k...@gmail.com> wrote: > > > > On Sat, Sep 14, 2024 at 11:41 AM Michael Nazzareno Trimarchi via > > lists.yoctoproject.org > > <michael=amarulasolutions....@lists.yoctoproject.org> wrote: > > > > > > Hi all, > > > > > > I have sent the patches to be included in warning-ng to support yocto > > > security scanning result and looking for some icon representing the > > > can result > > > > > > https://fontawesome.com/icons/categories/security?f=classic&s=solid > > > In the free section. Can anyone suggest one? > > > > > > More info here > > > https://github.com/jenkinsci/warnings-ng-plugin/pull/1824#discussion_r1759750853 > > > > > > The analytic model was already merged but now I would like to have the > > > proper icon there > > > > maybe something like below would be helpful > > https://www.yoctoproject.org/wp-content/uploads/sites/32/2023/09/YoctoProject_Logo_RGB_White_small.svg > > > > Trying to keep one that is representing security but that set and I > found a shield. Anyway how CI/CD is working in yocto, > I would like to connect to jenkins releases to track vulnerability > tranding using the plugin. Nice to allow everyone to check them > and then it's much more easy to apply and find patches that need to be > appied. How is done now? > > Michael > > > > > > > Michael > > > > > > > > > -- > > > Michael Nazzareno Trimarchi > > > Co-Founder & Chief Executive Officer > > > M. +39 347 913 2170 > > > mich...@amarulasolutions.com > > > __________________________________ > > > > > > Amarula Solutions BV > > > Joop Geesinkweg 125, 1114 AB, Amsterdam, NL > > > T. +31 (0)85 111 9172 > > > i...@amarulasolutions.com > > > www.amarulasolutions.com > > > > > > > > > > > > > -- > Michael Nazzareno Trimarchi > Co-Founder & Chief Executive Officer > M. +39 347 913 2170 > mich...@amarulasolutions.com > __________________________________ > > Amarula Solutions BV > Joop Geesinkweg 125, 1114 AB, Amsterdam, NL > T. +31 (0)85 111 9172 > i...@amarulasolutions.com > www.amarulasolutions.com > > > -- Michael Nazzareno Trimarchi Co-Founder & Chief Executive Officer M. +39 347 913 2170 mich...@amarulasolutions.com __________________________________ Amarula Solutions BV Joop Geesinkweg 125, 1114 AB, Amsterdam, NL T. +31 (0)85 111 9172 i...@amarulasolutions.com www.amarulasolutions.com
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#63847): https://lists.yoctoproject.org/g/yocto/message/63847 Mute This Topic: https://lists.yoctoproject.org/mt/108453353/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
