Currently, Vigiles for i.MX support has been integrated into the I.MX SDK as a YOCTO layer. It would be helpful to extend this tool's support for Layerscape, since currently both i.MX and LS are based on the same unified Linux LTS kernel. How can a user take advantage of this powerful tool on Layerscape BSP's?
Vigiles can be used to monitor vulnerabilities in the Layerscape BSP components. Currently there is no direct support to extract the manifest from “Layerscape SDK” flex-builder which is required for Vigiles to track vulnerabilities. However, one can manually create a CSV file and/or use the Vigiles UI to create a manifest listing all the NXP packages (including the Linux LTS kernel) and then upload it to Vigiles to generate a vulnerability report and tracking new vulnerabilities. If assistance is needed in creating the CSV file (documentation) please contact us and we can help with the same.
We are in the process of adding support for Layerscape SDK in an upcoming release of Vigiles to enable seamless integration and it will be available by end of Q3 2020.
Thanks,
Vigiles Security Team