diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
index e02a4d1fde..4c8716c1a8 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -19,7 +19,7 @@
 # strace https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0006
 # CVE is more than 20 years old with no resolution evident
 # broken links in CVE database references make resolution impractical
-CVE_CHECK_WHITELIST += "CVE-2000-0006"
+CVE_CHECK_WHITELIST:pn-strace += "CVE-2000-0006"
 
 # epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0238
 # The issue here is spoofing of domain names using characters from other character sets.
@@ -28,26 +28,26 @@ CVE_CHECK_WHITELIST += "CVE-2000-0006"
 # there is unlikely ever to be a single fix to webkit or epiphany which addresses this
 # problem. Whitelisted as there isn't any mitigation or fix or way to progress this further
 # we can seem to take.
-CVE_CHECK_WHITELIST += "CVE-2005-0238"
+CVE_CHECK_WHITELIST:pn-epiphany += "CVE-2005-0238"
 
 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4756
 # Issue is memory exhaustion via glob() calls, e.g. from within an ftp server
 # Best discussion in https://bugzilla.redhat.com/show_bug.cgi?id=681681
 # Upstream don't see it as a security issue, ftp servers shouldn't be passing
 # this to libc glob. Exclude as upstream have no plans to add BSD's GLOB_LIMIT or similar
-CVE_CHECK_WHITELIST += "CVE-2010-4756"
+CVE_CHECK_WHITELIST:pn-glibc += "CVE-2010-4756"
 
 # go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29509
 # go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29511
 # The encoding/xml package in go can potentially be used for security exploits if not used correctly
 # CVE applies to a netapp product as well as flagging a general issue. We don't ship anything
 # exposing this interface in an exploitable way
-CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511"
+CVE_CHECK_WHITELIST:pn-go += "CVE-2020-29509 CVE-2020-29511"
 
 # db
 # Since Oracle relicensed bdb, the open source community is slowly but surely replacing bdb with
 # supported and open source friendly alternatives. As a result these CVEs are unlikely to ever be fixed.
-CVE_CHECK_WHITELIST += "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \
+CVE_CHECK_WHITELIST:pn-db += "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \
 CVE-2015-2656 CVE-2015-4754 CVE-2015-4764 CVE-2015-4774 CVE-2015-4775 CVE-2015-4776 CVE-2015-4777 \
 CVE-2015-4778 CVE-2015-4779 CVE-2015-4780 CVE-2015-4781 CVE-2015-4782 CVE-2015-4783 CVE-2015-4784 \
 CVE-2015-4785 CVE-2015-4786 CVE-2015-4787 CVE-2015-4788 CVE-2015-4789 CVE-2015-4790 CVE-2016-0682 \