Automatic Assessments

Issued from the scan-inventory subcommand

  • Version mismatch:

    The package is referenced in the inventory with a version number that is not flagged as vulnerable in the vulnerability database; this sets the automatic vulnerable status to FALSE.

  • Rejected:

    This vulnerability has been rejected in the vulnerability database; this sets the automatic vulnerable status to FALSE.


  • Package whitelisted:

    This vulnerability is whitelisted by the Yocto recipe used for the package; this sets the automatic vulnerable status to FALSE.

  • Package patched:

    An official patch for this vulnerability is included in the product; this sets the automatic vulnerable status to FALSE.

Issued from the filter-report subcommand

  • Patch applied:

    This vulnerability has been patched by an upstream fix commit or its backports; this sets the automatic vulnerable status to FALSE.

  • Patch available:

    There is an upstream fix commit available to patch this vulnerability; the automatic vulnerable status remains unchanged.


  • Code removed:

    Either the changes responsible for the vulnerability are not present or they do not impact the kernel sources; this sets the automatic vulnerable status to FALSE.


  • Safe config:

    This vulnerability has been ruled out based on the current kernel configuration options (lkconfig.yml); this sets the automatic vulnerable status to FALSE.