meta-sca

Layer for static code analysis and security hardening

OTHER License

Stars
89


meta-sca - Release 1.17.2 - M8 patch release

Published by priv-kweihmann almost 5 years ago

Important Changes

  • Reverted #372, as it broke the build and did not work with the latest warrior release

Bugfixes

  • Revert #372
meta-sca - Release 1.17.1 - M8 patch release

Published by priv-kweihmann about 5 years ago

Important Changes

  • cvecheck is disabled by default due to breaking changes in the poky warrior release. If you are not on warrior, you need to enable the cvecheck module manually in your config. If you are on warrior, using the cvecheck module is not recommended until a proper fix exists (see #389)

Bugfixes

  • #387 - Cve-check-tool has been removed from warrior
meta-sca - Release 1.17 - Milestone M8

Published by priv-kweihmann about 5 years ago

Main features

  • Security auditing
    • The layer can now run tools on the final cross-compiled image. This enables security auditing tools such as lynis.
  • Full support for PHP
  • Further tools for python and C
  • All classes from this layer have appropriate SPDX-license information set (see #329)

Important Changes

  • shellcheck cannot be built on mips, mipsel or powerpc build hosts, as support for these architectures has been removed from the module. If you really need this support, feel free to create an issue
  • SCA_VERBOSE_OUTPUT=0 is now the default, so you won't see any parsing output on the build console. See #349
  • oelint-adv support for python2 was removed, as the tool only supports python3 (see #384)

New

  • #30 - lynis
  • #96 - cspell supports user dictionaries
  • #110 - wotan
  • #121 - cbmc
  • #139 - looong
  • #232 - yara
  • #273 - progpilot
  • #274 - phpstan
  • #275 - phpcodefixer
  • #334 - flawfinder
  • #354 - tiger
  • #356 - upc
  • #366 - flake8 now includes python-cohesion
  • #370 - flake8 now includes flake8-2020

Updates

  • #315, #350, #374 - Update phan to 2.3.0
  • #316 - Update python-flake8-bugbear to 19.8.0
  • #317 - Update kconfig-hardened-check to latest
  • #318 - Update shellcheck to 0.60.0-1
  • #320, #341, #345 - Update eslint to 6.5.1
  • #322, #371 - Update stylelint to 11.1.1
  • #324 - Update phpstan to 0.11.16
  • #325 - Update python-packaging to 19.2
  • #327, #342, #355 - Update python-pytest to 5.2.1
  • #335, #343, #367 - Update python-anytree to 2.7.2
  • #337 - Update creack/pty to 1.1.9
  • #339, #384 - Update oelint-adv to 1.7.0
  • #340, #382 - Update python-flake8-eradicate to 0.2.3
  • #344 - Update github.com-fatih-structtag to 1.1.0
  • #347 - Update python-attrs to 19.2.0
  • #351 - Update python-jinja to 2.10.3
  • #362 - Update python-configargparse to 0.15.1
  • #365 - Update gosec to 2.1.0
  • #375 - Update textlint to 11.4.0
  • #376, #386 - Update textlint-rule-terminology to 2.0.1
  • #377 - Update PhpCodeFixer to 2.0.20
  • #383 - Update python-networkx to 2.4

Bugfixes

  • #208 - All tool statistics are recalculated from buildstats information
  • #328 - Replaced nodejs with a pure native variant
  • #331 - Fixed file finding when probing without a file extension
  • #346 - fixed typo in packaging of golang.org-x
  • #358, #360 - Fixed several issues in README
  • #364 - Fixed naming scheme in recipe names/versions
  • #372 - Fixed issue that led to constant rebuilding of packages
  • #379 - Fixed several typos in the protocol option of the git fetcher
  • Fixed dictionary paths when using cspell
  • Fixed wrong LICENSE in python-typing-extension
  • The standard tool requires online access
meta-sca - Release 1.16 - Milestone M7

Published by priv-kweihmann about 5 years ago

Main features

  • Basic support of PHP
  • Filtering by scope (see #301)
  • Improved documentation incl. configuration examples and much more

Important Changes

  • The optional layer dependencies of meta-clang and meta-oe are configured differently now.
    See README.md for details

New

  • #290 - mypy
  • #291 - splint
  • #292 - ikos
  • #272 - phan
  • #125 - retire.js
  • #149 - stank

Updates

  • #304, #307, #311 - python-pytest to 5.1.2
  • #303 - stretchr/testify to 1.4.0
  • #305, #306, #310 - eslint to 6.3.0
  • #309 - ikos to 2.2
  • #312 - cppcheck to 1.89
  • #313 - systemdlint to 1.1.1
  • #314 - textlint-rule/textlint-rule-no-dead-link to 4.6.1

Bugfixes

  • various
meta-sca - Release 1.15 - Milestone M6

Published by priv-kweihmann about 5 years ago

Main features

  • go-language support
  • enhanced security/hardening tooling added
  • severity transformation feature (see #214)
  • better performance due to improved file-filtering

Important Changes

  • score-module isn't enabled by default - if you rely on it, please enable it manually

New

  • #213 - darglint
  • #209 - gcc hardening checks
  • #150 - sparse
  • #257 - npmaudit
  • #256 - python-safety
  • #19 - govet
  • #282 - golint
  • #82 - gosec
  • #277 - revive
  • #166 - alex kohler tools
  • #286 - dlint
  • #289 - wemake-python-styleguide

Updates

  • #216 + #262 - textlint-rule-no-dead-link to 4.4.4
  • #215 + #238 - textlint to 11.3.1
  • #224 - pylint to 2.3.1
  • #225 - python-astroids to 2.2.5
  • #226 - python-wrapt to 1.11.2
  • #223 - flake8 to 3.7.8
  • #244 - more-itertools to 7.2.0
  • #242 - eslint to 6.1.0
  • #235 - flake8-eradicate to 0.2.1
  • #231 + #267 - textlint-rule-stop-words to 1.0.17
  • #239 - textlint-rule-rousseau to 1.4.6
  • #248 - oelint-adv to 1.4.0
  • #252 + #253 + #260 - pyparsing to 2.4.2
  • #255 - systemdlint to 1.1.0
  • #263 - ruamelordereddict to 0.4.14
  • #264 - detect-secrets to 0.12.5

Bugfixes

  • various

Thanks

  • @RobertBerger for finding bugs, enhancing the documentation and much more
meta-sca - Release 1.14 - Milestone M5

Published by priv-kweihmann over 5 years ago

Main features

  • overall usage of internal data model
  • additional tools for shell
  • test code for every included tool
  • metric tools for c & python
  • heavily improved documentation

Important Changes

  • tlv, oclint and clang are disabled in default configuration - if you want to use them, you have to manually enable them
  • internal data model is used
  • the configuration wizard can now be told whether your build host has internet access or not

New

  • #145 - bashate
  • #146 - checkbashisms
  • #141 - cqmetrics
  • #170 - tlv
  • #156 - radon
  • #212 - option to suppress sca output while parsing recipes
  • #202 - force run option
  • #200 - Cleanup export folder option

Updates

  • #138 - oelint-adv 1.3.0
  • #151 - systemdlint 1.0.2
  • #152 - textlint-rule-en-max-word-count 1.0.2
  • #153 - stylelint 10.1.0
  • #162 + #186 - python-bandit 1.6.2
  • #158 - ropgadget 5.8
  • #167 - kconfig-hardened-check to latest
  • #176 - eslint 6.0.1
  • #178 - python-isort 4.3.21
  • #179 - cppcheck 1.88
  • #203 - textlint 11.2.6
  • #206 - textlint-rule-period-in-list-item 0.3.2
  • #211 - textlint-rule-stop-words 1.0.14

Thanks

  • @RobertBerger

meta-sca - Release 1.13 - Milestone M4

Published by priv-kweihmann over 5 years ago

Main features

  • security related tools, such as memory checkers, tools to find passphrases or login credentials
  • html, css and javascript checkers
  • configuration wizard for easier configuration of this layer
  • score module, which gives a hint of a software package's quality in terms of security, functionality and style
  • warrior compatibility

New

  • #106 - htmlhint
  • #107 - stylelint
  • #114 - detect-secrets
  • #80 - standard
  • #93 - configuration wizard
  • #108 - ansible-lint
  • #117 - ropgadget
  • #127 - proselint
  • #128 - py-find-injection
  • #129 - module score

Updates

  • #112 - textlint-rule/textlint-rule-en-capitalization to 2.0.2
  • #116 - systemdlint to 1.0.1
  • #118 + #132 + #134 - python-isort to 4.3.20
  • #130 - bandit to 1.6.0
  • #122 - textlint:textlint-rule-stop-words to 1.0.13
  • #131 - yocto "warrior" compatibility
  • #137 - python-scikit-build to 0.10
  • #135 - kconfig-hardened-check to latest
  • #136 - oclint to 0.14

Bugfixes

  • Fixed some wrong configurations for several tools
  • Turned all tool descriptions numeric for better handling; all values now use a 0-10 scale
  • Removed some cyclic dependencies from recipes
meta-sca - Release 1.12 - Milestone M3

Published by priv-kweihmann over 5 years ago

New

  • global file filter
  • Tool: ansible security playbooks (security)
  • Tool: cspell (spelling)
  • Tool: dennis (i18n)
  • Tool: gixy (nginx)
  • Tool: pytype (python)
  • Tool: rats (security for c/php/python/perl/ruby)
  • Tool: systemdlint (systemd)
  • Tool: textlint (spelling)
  • Tool: tscancode (c,c#,lua)
  • Tool: yamllint (yaml)
  • Tool: zeroresourcedetector (i18n)

Updates

  • eslint to 5.16.0
  • kconfig-hardened-check to latest
  • oelint-adv to 1.2.0
  • python-isort to 4.3.17
  • python-jinja2 to 2.10.1
  • python-networkx to 2.3
  • python-pyparsing to 2.4.0

Bugfixes

  • fixed issue with multiple ninja recipes
  • several README issues
  • some minor patches
meta-sca - Release 1.11 - Milestone M2

Published by priv-kweihmann over 5 years ago

New

  • BestOf mode
  • Blacklisting functionality

Updates

  • python-isort to 4.3.13

Bugfixes

  • fixed missing modules in global module list
  • worked around the cve-check rebuild of all recipes due to db-update
  • README fixes
meta-sca - Patch release for 1.10.x

Published by priv-kweihmann over 5 years ago

Bugfixes

  • cve-tool db fetch always triggered a rebuild of the system
  • TypeError in bandit converter
meta-sca - Patch release for 1.10

Published by priv-kweihmann over 5 years ago

Updates

  • oelint-adv to 1.1.0

Bugfixes

  • fix non-deterministic builddata warning
  • fix json-parser handling
  • enabled oelint in global modules
meta-sca - Release 1.10

Published by priv-kweihmann over 5 years ago

New

  • oelint-adv for linting bitbake recipes
  • json-parser for linting json-files

Updates

  • python-isort 4.1.12

Bugfixes

  • Removal of leftover BB_DONT_CACHE, which should prevent unnecessary rebuilds
  • Enforce oe-core naming convention to recipes
  • Split python-packages into python2/3 recipes (following the best practice from oe/poky)

You can use SCA_AVAILABLE_MODULES to globally enable or disable linting modules, without having to distinguish between recipes and images
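As an added example (not taken from the meta-sca README or release notes), the following local.conf fragment shows how the global module list mentioned above can be adjusted. It also covers the modules that later releases turned off by default (score in 1.15, cvecheck in 1.17.1) and the console output that 1.17 silenced. It assumes that SCA_AVAILABLE_MODULES is a space-separated list of module names matching the names used in these notes, and that SCA_VERBOSE_OUTPUT accepts "1" to re-enable parse-time output; check the layer's README for the exact names your version expects.

```bitbake
# Added example local.conf fragment for meta-sca; not part of the layer's own documentation.
# Assumption: SCA_AVAILABLE_MODULES is a space-separated list of module names,
# and module names match those used in the release notes (score, cvecheck, ...).

# Opt back in to the score module, which is no longer enabled by default (1.15).
# Note the leading space: _append does not insert one for you.
SCA_AVAILABLE_MODULES_append = " score"

# On a warrior-based build keep cvecheck off, as cve-check-tool was removed from
# warrior (1.17.1). On older releases you can drop this line to keep cvecheck active.
SCA_AVAILABLE_MODULES_remove = "cvecheck"

# 1.17 made SCA_VERBOSE_OUTPUT=0 the default; setting it to "1" (assumed value)
# brings the parsing output back on the build console while debugging a setup.
SCA_VERBOSE_OUTPUT = "1"
```

Bitbake applies `_append` before `_remove`, so the two lines above never conflict; after a change here, run `bitbake -e <image> | grep ^SCA_AVAILABLE_MODULES=` to confirm the list the layer will actually use.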

meta-sca - Release 1.9

Published by priv-kweihmann over 5 years ago

New

  • xmllint
  • image-summary

Updates

  • eslint to 5.15.1
  • kconfig-hardened-check

Bugfixes

  • Many bugfixes around the license filter functionality, which now works without altering the distro configuration
meta-sca - Release 1.8

Published by priv-kweihmann over 5 years ago

New

  • clang-tidy
  • flint++
  • oclint
  • bandit

Updates

  • n.a.

Bugfixes

  • better separation of native and non-native recipes enforced
  • better handling when tool found no input files
meta-sca - Release 1.7

Published by priv-kweihmann over 5 years ago

New

  • Add kconfig-hardened-check as tool
  • Added pysymbolcheck as tool

Updates

  • pyisort 4.3.9

Bugfixes

  • don't return symlinks when searching for files to check (this should reduce the risk of duplicate findings)
  • various other fixes
meta-sca - Release 1.6

Published by priv-kweihmann over 5 years ago

New

  • n.a.

Updates

  • n.a.

Bugfixes

  • multiple bugfixes around various topics

Finally the layer should be working properly

meta-sca - Release 1.5

Published by priv-kweihmann over 5 years ago

New

  • cve-check tool to check for unpatched CVEs
  • bitbake for converting bitbake console log to checkstyle items

Updates

  • n.a.

Bugfixes

  • important bugfix that targets incremental builds and tool misbehavior
meta-sca - Release 1.4.1

Published by priv-kweihmann over 5 years ago

New

  • eslint as linter for javascript added

Updates

  • n.a.

Bugfixes

  • layer priority decreased, so that overriding recipes from this layer is now easier

Original Release v1.4 is not available due to an error

meta-sca - Release 1.3

Published by priv-kweihmann over 5 years ago

New

  • n.a.

Updates

  • cppcheck 1.87

Bugfixes

  • important bugfix to make output to console work
meta-sca - Release 1.2

Published by priv-kweihmann over 5 years ago

New

  • The whole layer is now under a FOSS license; all CLOSED components have been re-licensed or removed

Bugfixes

  • multiple bug fixes

With this release the layer should be usable in a production environment