Hello NXP,
This question is a general one and not about NXP's specific products.
Recently, SBOM has become one of the important ideas for managing vulnerabilities.
I can find several questions related to SBOM in this community,
but my question is that I want to know NXP's official opinion on SBOM generation.
Does NXP provide an SBOM for your standard BSP/SDK to customers?
Or must customers generate an SBOM for the BSP/SDK from NXP by
themselves, using a tool like Vigiles?
Regards,
Norihiro Michigami
AVNET
Vigiles is a Software Composition Analysis (SCA) tool that helps generate and analyze a Software Bill of Materials (SBOM) for publicly known cybersecurity vulnerabilities, particularly CVEs. Vigiles is optimized for embedded systems, and it provides a complete vulnerability lifecycle management tool. This is the i.MX processor community; for i.MX, you can find information about Vigiles in the Yocto user guide. Refer to chapter 7.3, "Monitoring security vulnerabilities in your BSP", of the Yocto user guide. Vigiles is a vulnerability monitoring and management tool that provides build-time Yocto CVE analysis of target images.
I also found some Q&A on this; I hope it is helpful for you.
Does Vigiles have a way to catch errors like typos or missing mappings?
If a package in the SBOM is not found in our database, we alert the user in the CVE report page. The customer can fix the package name or map it to our database using the override mechanism. The Timesys security team also periodically reviews and adds missing mappings. And finally, it allows users to include/exclude packages from auto-generated SBOMs, and override mapping.
However, Timesys cannot guarantee that Vigiles is entirely free from errors, defects, or bugs, currently known or unknown.
Can Vigiles be used with any BSP or processor?
As mentioned above, Vigiles is integrated with different build systems. As long as your build system or manual SBOM is used, it can track vulnerabilities with one caveat — Vigiles tracks processor vulnerabilities. So, if your processor or architecture has vulnerabilities tracked by NVD, Vigiles will track it.
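To make the two answers above concrete (an unmapped package name being flagged for the user, the override and include/exclude mechanisms, and a processor entry being tracked like any other component), here is an added illustration in Python. It is not Vigiles' or NXP's code and does not read any real vulnerability database: the SBOM fragment, the package names, the processor entry "example-soc-arch", the advisory IDs (placeholders, not real CVE numbers) and the affected-version lists are all constructed for this example.

```python
import json
from dataclasses import dataclass, field

# Constructed CycloneDX-style SBOM fragment for illustration only; it does not
# describe any real BSP. "libxml-2" is a deliberate typo of "libxml2", to show
# how an unmapped package name surfaces in the report, and "example-soc-arch"
# stands in for a processor/architecture entry (a hypothetical name).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "openssl", "version": "1.1.1k"},
        {"type": "library", "name": "libxml-2", "version": "2.9.10"},
        {"type": "library", "name": "busybox", "version": "1.33.0"},
        {"type": "device", "name": "example-soc-arch", "version": "1"},
    ],
})

# Constructed vulnerability database keyed by canonical package name. The
# advisory IDs are placeholders, not real CVE numbers, and the affected
# version lists are invented. A real tool matches version ranges, not strings.
SAMPLE_VULN_DB = {
    "openssl": [{"id": "PLACEHOLDER-CVE-1", "affected": ["1.1.1j", "1.1.1k"]}],
    "libxml2": [{"id": "PLACEHOLDER-CVE-2", "affected": ["2.9.10"]}],
    "busybox": [{"id": "PLACEHOLDER-CVE-3", "affected": ["1.32.0"]}],
    "example-soc-arch": [{"id": "PLACEHOLDER-CVE-4", "affected": ["1"]}],
}


@dataclass
class Report:
    # component name -> advisory ids whose affected list contains this version
    matched: dict = field(default_factory=dict)
    # component names not found in the database (the "please fix or map" alert)
    unmapped: list = field(default_factory=list)
    # component names skipped because the user excluded them
    excluded: list = field(default_factory=list)


def analyze(sbom_json, vuln_db, overrides=None, excludes=None):
    """Match SBOM components against vuln_db.

    overrides maps an SBOM name to the canonical database name (the
    user-supplied mapping); excludes lists SBOM names to leave out entirely.
    """
    overrides = overrides or {}
    excludes = set(excludes or ())
    report = Report()
    for comp in json.loads(sbom_json).get("components", []):
        name = comp["name"]
        if name in excludes:
            report.excluded.append(name)
            continue
        canonical = overrides.get(name, name)
        if canonical not in vuln_db:
            # Unknown name: report it rather than silently dropping it, so the
            # user can correct the typo or add a mapping.
            report.unmapped.append(name)
            continue
        version = comp.get("version")
        hits = [adv["id"] for adv in vuln_db[canonical]
                if version in adv["affected"]]
        report.matched[name] = hits
    return report


if __name__ == "__main__":
    first = analyze(SAMPLE_SBOM, SAMPLE_VULN_DB)
    print("unmapped (needs a fix or an override):", first.unmapped)
    # Second run after the user maps the typo and excludes a package.
    second = analyze(SAMPLE_SBOM, SAMPLE_VULN_DB,
                     overrides={"libxml-2": "libxml2"}, excludes=["busybox"])
    for name, ids in second.matched.items():
        print(f"{name}: {ids or 'no matching advisories'}")
    print("excluded:", second.excluded)
```

The first run reports "libxml-2" as unmapped instead of quietly treating it as clean; the second run, with the override in place, attributes the placeholder advisory to it, and the processor entry is matched the same way as any library, which is the caveat in the last answer: a processor is only covered if the database has entries for it.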