3a5e70d1d1
Add 'source' attribute to each CVE in vulnerabilities node, including NVD
URL reference to enable proper import into Dependency-Track.

Dependency-Track's VEX importer requires the source attribute to properly
process vulnerability entries. Without it, vulnerabilities are skipped
during import with "does not have an ID and / or source" warnings.

Include the full NVD URL following the CycloneDX 1.6 documentation format:
https://nvd.nist.gov/vuln/detail/{CVE-ID}

Test Environment:
- Buildroot: 2025.02.11 (or master)
- Dependency-Track: v4.13.6

Test Results - BEFORE (without source attribute):

apiserver_1 | 2026-02-23 16:05:40,890 INFO [VexUploadProcessingTask] Processing CycloneDX VEX uploaded to project: e43fe185-c0a3-4e3a-a908-667344a66a9c
apiserver_1 | 2026-02-23 16:05:40,941 WARN [CycloneDXVexImporter] VEX vulnerability at position #0 does not have an ID and / or source; Skipping it
apiserver_1 | 2026-02-23 16:05:40,941 WARN [CycloneDXVexImporter] VEX vulnerability at position #1 does not have an ID and / or source; Skipping it
...
apiserver_1 | 2026-02-23 16:05:40,941 WARN [CycloneDXVexImporter] VEX vulnerability at position #19 does not have an ID and / or source; Skipping it
apiserver_1 | 2026-02-23 16:05:40,941 INFO [CycloneDXVexImporter] The uploaded VEX does not contain any applicable vulnerabilities; Skipping VEX import

Test Results - AFTER (with source):

apiserver_1 | 2026-02-23 16:17:13,492 INFO [VexUploadProcessingTask] Processing CycloneDX VEX uploaded to project: e43fe185-c0a3-4e3a-a908-667344a66a9c
apiserver_1 | 2026-02-23 16:17:14,054 INFO [VexUploadProcessingTask] Completed processing of CycloneDX VEX for project: e43fe185-c0a3-4e3a-a908-667344a66a9c

CVEs are correctly imported in Dependency-Track

Signed-off-by: Fabien Lehoussel <fabien.lehoussel@smile.fr>
Acked-By: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
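The commit message above describes the field that Dependency-Track's VEX importer needs on every vulnerability entry. The following Python is an added illustration, not Buildroot's VEX generator nor Dependency-Track's importer: it adds a CycloneDX `source` object (`name` plus the NVD URL from the commit message) to every CVE entry that lacks one, and emulates the importer's accept/skip decision so the "before" and "after" behaviour from the test results can be reproduced offline. The sample VEX document and its `CVE-0000-000x` identifiers are constructed placeholders; the function names are this example's own.

```python
import copy
import json

# NVD URL pattern quoted in the commit message (CycloneDX 1.6 documentation format).
NVD_URL = "https://nvd.nist.gov/vuln/detail/{}"

# Constructed sample: a minimal CycloneDX 1.6 VEX in which entry 0 has an id but no
# source, entry 1 is already complete, and entry 2 has no id at all.
# The CVE identifiers are placeholders, not real advisories.
SAMPLE_VEX = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "version": 1,
    "vulnerabilities": [
        {"id": "CVE-0000-0001", "analysis": {"state": "not_affected"}},
        {
            "id": "CVE-0000-0002",
            "source": {"name": "NVD", "url": NVD_URL.format("CVE-0000-0002")},
            "analysis": {"state": "in_triage"},
        },
        {"analysis": {"state": "not_affected"}},
    ],
}


def nvd_source(cve_id):
    """Build the CycloneDX 'source' object for a CVE, pointing at its NVD page."""
    return {"name": "NVD", "url": NVD_URL.format(cve_id)}


def add_sources(vex):
    """Return a copy of the VEX where every CVE entry carries a 'source'.

    Entries that already have a source are left untouched; entries without an
    id cannot be given an NVD URL and are left as they are (the importer will
    still skip them, which is the correct outcome for an unidentifiable entry).
    """
    out = copy.deepcopy(vex)
    for vuln in out.get("vulnerabilities", []):
        vid = vuln.get("id")
        if vid and vid.startswith("CVE-") and "source" not in vuln:
            vuln["source"] = nvd_source(vid)
    return out


def importable(vuln):
    """The precondition quoted in the commit message: an id AND a source."""
    return bool(vuln.get("id")) and bool(vuln.get("source"))


def import_report(vex):
    """Emulate the importer's per-entry decision.

    Returns (imported_ids, skipped_positions); a skipped position corresponds
    to one "VEX vulnerability at position #N ... Skipping it" warning.
    """
    imported, skipped = [], []
    for pos, vuln in enumerate(vex.get("vulnerabilities", [])):
        if importable(vuln):
            imported.append(vuln["id"])
        else:
            skipped.append(pos)
    return imported, skipped


if __name__ == "__main__":
    # Before: only the already-complete entry survives; after: the CVE that
    # merely lacked a source is imported as well.
    print("before:", import_report(SAMPLE_VEX))
    fixed = add_sources(SAMPLE_VEX)
    print("after: ", import_report(fixed))
    print(json.dumps(fixed["vulnerabilities"][0], indent=2))
```

Running the script on the constructed sample reproduces the two outcomes in the test results: without the attribute, one of the two identified CVEs is skipped; with it, both are accepted and only the entry that has no id at all is still rejected.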
This directory contains various useful scripts and tools for working
with Buildroot. You need not add this directory in your PATH to use
any of those tools, but you may do so if you want.
brmake
a script that can be run instead of make, that prepends the date in
front of each line, redirects all of the build output to a file
("br.log" in the current directory), and just outputs the Buildroot
messages (those lines starting with >>>) on stdout.
Do not run this script for interactive configuration (e.g. menuconfig)
or on an unconfigured directory. The output is redirected so you will see
nothing.
check-package
a script that checks the coding style across the buildroot tree. It
checks package's Config.in and .mk files, runs shellcheck for all shell
scripts, flake8 for python files, checks for typos, etc.
It checks the .checkpackageignore file if errors should be ignored and
errors if there's a file listed that doesn't produce an error.
docker-run
a script that runs a command (like make check-package) inside the
buildroot CI docker container; pass no command to get an interactive
shell.
genrandconfig
a script that generates a random configuration, used by the autobuilders
(http://autobuild.buildroot.org). It selects a random toolchain from
support/config-fragments/autobuild and randomly selects packages to build.
get-developers
a script to return the list of people interested in a specific part
of Buildroot, so they can be Cc:ed on a mail. Accepts a patch as
input, a package name or an architecture name.
scancpan
a script to create a Buildroot package by scanning a CPAN module
description.
scanpypi
a script to create a Buildroot package by scanning a PyPI package
description.
size-stats-compare
a script to compare the rootfs size between two different Buildroot
configurations. This can be used to identify the size impact of
a specific option, of a set of specific options, or of an update
to a newer Buildroot version...
test-pkg
a script that tests a specific package against a set of various
toolchains, with the goal to detect toolchain-related dependencies
(wchar, threads...)