Yocto license manifests

Meterian can ingest Yocto license manifest files ("license.manifest"), which the Yocto Project generates during image creation. From those files Meterian creates and maintains a project, so you can produce the usual reports in every format (HTML, PDF, SBOMs), validate the project against vulnerabilities, and be informed of new vulnerabilities that may affect the components in your project.

The only requirement, assuming your license has the feature enabled, is to add the --scan-yocto parameter when invoking the client. The system will recursively scan the folder, collect and process all the license manifest files, and produce the usual reporting.

A sample execution follows:

$ meterian --scan-yocto
Meterian Client v1.2.27.1, build 2e3030c-1232
© 2017-2025 Meterian Ltd - All rights reserved

System information:
- working on folder: /sample
- running locally:   yes
- interactive mode:  on
- autofix mode:      off

Checking folder...
Folder /sample contains a viable project!

Authorizing the client...
Client successfully authorized

Project information:
- url:    sample
- branch: head
- commit: n/a

Yocto party scan - running Meterian Yocto Parser 0.2 locally...
- yocto: Collected 2429 entries from manifest /sample/license.manifest...
Execution successful!

Uploading dependencies information - 2449 found...
Done!

Starting build...
Current build status: initialized
Current build status: in preparation
Current build status: process advices at 2025-01-04T16:37:58.117

Final results: 
- security:	0	(minimum: 90)
- stability:	74	(minimum: 90)
- licensing:	89	(minimum: 90)

Full report available at: 
https://www.meterian.com/projects/?pid=...

Build unsuccessful!
Failed checks: [security, stability, licensing]
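
To see what a recursive scan has to work with before running the client, the following added example (not Meterian's parser and not part of the original page) walks a folder for license.manifest files and parses their entries. It assumes the blank-line-separated "KEY: value" block layout that Yocto writes for image manifests; the sample data and the function names are constructed for illustration.

```python
import os
import tempfile

# Constructed sample in the assumed license.manifest layout ("KEY: value" blocks).
SAMPLE = """\
PACKAGE NAME: busybox
PACKAGE VERSION: 1.36.1
RECIPE NAME: busybox
LICENSE: GPL-2.0-only & bzip2-1.0.4

PACKAGE NAME: libcrypto3
PACKAGE VERSION: 3.2.1
RECIPE NAME: openssl
LICENSE: Apache-2.0
"""

def parse_manifest(text):
    """Return one dict per package block; blocks without a package name are skipped."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:  # trailing "" flushes the last block
        if line.strip():
            key, sep, value = line.partition(":")
            if sep:
                current[key.strip()] = value.strip()
        else:
            if current.get("PACKAGE NAME"):
                entries.append(current)
            current = {}
    return entries

def collect(root):
    """Recursively find license.manifest files under root, mapping path -> entries."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        if "license.manifest" in files:
            path = os.path.join(dirpath, "license.manifest")
            with open(path, encoding="utf-8", errors="replace") as fh:
                found[path] = parse_manifest(fh.read())
    return found

def demo():
    # Write the constructed sample into a nested temp folder, then scan from the top.
    with tempfile.TemporaryDirectory() as root:
        nested = os.path.join(root, "deploy", "licenses", "sample-image")
        os.makedirs(nested)
        with open(os.path.join(nested, "license.manifest"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        return [e for entries in collect(root).values() for e in entries]

if __name__ == "__main__":
    print(demo())
```

Calling collect() on the folder you intend to scan gives a per-manifest entry count that can be compared with the "Collected ... entries" line in the client output.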
