I am new to Yocto and would like to know how Yocto Cve check works.
- Cve Check finds the patched/unpatched on version number & patch added to the recipe. Is this the only 2 methods Cve Check use?
- Cve Check seems to fetch the package artifactory from jFrog. If 1 is true, why do we need to do this? We could just compare the version number & patch added from the metadata of the recipe.
- If 1 is true, why Cve Check could take so many minutes (20 min+) for some packages to find its cve?
