Add a SCA_ALLOW_LAYER

to further filter the layer/recipe where sca should be inherited automatically Closes #9490 Signed-off-by: Konrad Weihmann <[email protected]>
priv-kweihmann · Mar 29, 2022 · 1b9bf1f · 1b9bf1f
1 parent 8d27811
commit 1b9bf1f
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/classes/sca-global.bbclass b/classes/sca-global.bbclass
@@ -17,6 +17,8 @@ SCA_SPARE_LAYER ?= ""
 # Additional regular expressions for paths that shouldn't
 # run SCA
 SCA_SPARE_DIRS ?= ""
+# Allow list of layer names to apply sca to
+SCA_ALLOW_LAYER ?= ""
 # if set to 1 all bbappends from non-suppressed layer will
 # not invoke SCA, which means in consequence that if the value
 # is != 1 an bbappend from a non-supressed layer will

diff --git a/classes/sca.bbclass b/classes/sca.bbclass
@@ -13,9 +13,12 @@ def sca_files_part_of_unspared_layer(d, files):
     import re
     import os
     _layer = []
+    _allow_list = d.getVar("SCA_ALLOW_LAYER").split(" ")
     for x in d.getVar("SCA_SPARE_LAYER").split(" "):
         if not x:
             continue
+        if _allow_list and x not in _allow_list:
+            continue
         _tmp = d.getVar("BBFILE_PATTERN_{}".format(x))
         if _tmp:
             _tmp = _tmp.lstrip("^").rstrip("/") or ""

diff --git a/docs/conf/global.md b/docs/conf/global.md
@@ -6,17 +6,18 @@ The behavior of the analysis can be controlled by several __bitbake__-variables
 
 | var | purpose | type | default |
 | ------------- |:-------------:| -----:| -----:|
+| SCA_ALLOW_LAYER | layer names, like 'core' or 'openembedded-layer' to apply SCA to on all recipes of that layer | space seperated list | ""
 | SCA_AUTO_INH_ON_IMAGE | Do automatically enable analysis on image-recipes | string | "1"
 | SCA_AUTO_INH_ON_RECIPE | Do automatically enable analysis on other recipes | string | "1"
 | SCA_AUTO_LICENSE_FILTER | Filter according to recipe license if sca should invoked | space separated regular expression | ".*"
 | SCA_AVAILABLE_MODULES | List of all available modules, use to globally enable/disable modules | space-separated-string | all available modules
 | SCA_BACKTRACK | Backtrack findings in images to their original recipes | string: 0 or 1 | "0"
 | SCA_CLEAN_BEFORE_EXPORT | Remove old files from export dir | string: 0 or 1 | "1"
 | SCA_ENABLE | Does globally enable the analysis | string | "1"
-| SCA_ENABLE_BESTOF | Enables/disables the BestOf mode (see chapter BestOf Mode) | string | "0"
-| SCA_ENABLE_IMAGE_SUMMARY | En/disable the image-summary module | string | "1"
 | SCA_ENABLED_MODULES_IMAGE | The analysis modules to be activated on images | space-separated-string | see sca-on-image.bbclass
 | SCA_ENABLED_MODULES_RECIPE | The analysis modules to be activated on recipes | space-separated-string | see sca-on-recipe.bbclass
+| SCA_ENABLE_BESTOF | Enables/disables the BestOf mode (see chapter BestOf Mode) | string | "0"
+| SCA_ENABLE_IMAGE_SUMMARY | En/disable the image-summary module | string | "1"
 | SCA_EXPORT_DIR | Directory where to store the results of analysis | path | \${DEPLOY_DIR_IMAGE}/sca
 | SCA_EXPORT_FINDING_DIR | The folder where to store the original source-files of findings | path | \${DEPLOY_DIR_IMAGE}/sca/sources/\${PN}/
 | SCA_EXPORT_FINDING_SRC | Do copy the source-files of any finding to deploy-dir. This proved to helpful when integrating into Jenkins. | string | "1"