@@ -49,7 +49,8 @@ CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}"
CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json"
CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.cve"
-CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.json"
+CVE_CHECK_MANIFEST_JSON_SUFFIX ?= "json"
+CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.${CVE_CHECK_MANIFEST_JSON_SUFFIX}"
CVE_CHECK_COPY_FILES ??= "1"
CVE_CHECK_CREATE_MANIFEST ??= "1"
@@ -278,7 +279,8 @@ python cve_check_write_rootfs_manifest () {
bb.plain("Image CVE report stored in: %s" % manifest_name)
if enable_json:
- link_path = os.path.join(deploy_dir, "%s.json" % link_name)
+ manifest_name_suffix = d.getVar("CVE_CHECK_MANIFEST_JSON_SUFFIX")
+ link_path = os.path.join(deploy_dir, "%s.%s" % (link_name, manifest_name_suffix))
manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON")
with open(manifest_name, "w") as f:
The variable contains the suffix of the CVE JSON manifest file. By default, this variable is set to 'json', so the current behavior is not changed, but enables developers to use some other suffix, e.g., cve.json (similar to spdx.json). Signed-off-by: Aleksandar Nikolic <an010@live.com> --- meta/classes/cve-check.bbclass | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)