manifest: Add the security-risk attribute

In addition to adding the `security-risk` attribute, update TPIP script to check if all the dependencies contains this attribute. Signed-off-by: Devaraj Ranganna <[email protected]>
FreeRTOS · Sep 24, 2024 · 41cf337 · 41cf337
1 parent 9703e49
commit 41cf337
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 0 deletions.
diff --git a/manifest.yml b/manifest.yml
@@ -6,6 +6,7 @@ dependencies:
   - name: "FreeRTOS-Kernel"
     license: "MIT"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "V11.1.0"
     repository:
       type: "git"
@@ -14,6 +15,7 @@ dependencies:
   - name: "arm-corstone-platform-bsp"
     license: "Apache-2.0"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "v0.3.0"
     repository:
       type: "git"
@@ -22,6 +24,7 @@ dependencies:
   - name: "trusted-firmware-m"
     license: "BSD-3-Clause"
     tpip-category: "category-2"
+    security-risk: "high"
     version: "TF-Mv2.1.0"
     repository:
       type: "git"
@@ -30,6 +33,7 @@ dependencies:
   - name: "mbedtls"
     license: "Apache-2.0"
     tpip-category: "category-2"
+    security-risk: "high"
     version: "v3.6.0"
     repository:
       type: "git"
@@ -38,6 +42,7 @@ dependencies:
   - name: "IoT_Socket"
     license: "Apache-2.0"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "1e15f55ae08c2169c0e4a59216e78a4906a66af8"
     repository:
       type: "git"
@@ -46,6 +51,7 @@ dependencies:
   - name: "AVH"
     license: "Apache-2.0"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "ab37f6126c94fee7bbd061f77716745dfbb77592"
     repository:
       type: "git"
@@ -54,6 +60,7 @@ dependencies:
   - name: "freertos-pkcs11-psa"
     license: "MIT"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "6caaf973920df9ae6823ef9be42f7e86aa91d168"
     repository:
       type: "git"
@@ -62,6 +69,7 @@ dependencies:
   - name: "freertos-ota-pal-psa"
     license: "MIT"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "08e6c6eeb978f28d873f9a12c58882b88f1b7235"
     repository:
       type: "git"
@@ -70,6 +78,7 @@ dependencies:
   - name: "coreMQTT-Agent"
     license: "MIT"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "v1.2.0"
     repository:
       type: "git"
@@ -78,6 +87,7 @@ dependencies:
   - name: "coreMQTT"
     license: "MIT"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "v2.1.1"
     repository:
       type: "git"
@@ -86,6 +96,7 @@ dependencies:
   - name: "coreJSON"
     license: "MIT"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "v3.2.0"
     repository:
       type: "git"
@@ -94,6 +105,7 @@ dependencies:
   - name: "corePKCS11"
     license: "MIT"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "v3.5.0"
     repository:
       type: "git"
@@ -102,6 +114,7 @@ dependencies:
   - name: "coreSNTP"
     license: "MIT"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "v1.2.0"
     repository:
       type: "git"
@@ -110,6 +123,7 @@ dependencies:
   - name: "backoffAlgorithm"
     license: "MIT"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "v1.3.0"
     repository:
       type: "git"
@@ -118,6 +132,7 @@ dependencies:
   - name: "ota-for-aws-iot-embedded-sdk"
     license: "MIT"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "v3.4.0"
     repository:
       type: "git"
@@ -126,6 +141,7 @@ dependencies:
   - name: "tinycbor"
     license: "MIT"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "9924cfed3b95ad6de299ae675064430fdb886216"
     repository:
       type: "git"
@@ -134,6 +150,7 @@ dependencies:
   - name: "toolchains"
     license: "Apache-2.0"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "f77e1ba2bb830f6950a88c34849cf3df9af4ad32"
     repository:
       type: "git"
@@ -142,6 +159,7 @@ dependencies:
   - name: "FreeRTOS-Libraries-Integration-Tests"
     license: "MIT"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "202210.01"
     repository:
       type: "git"
@@ -150,6 +168,7 @@ dependencies:
   - name: "Unity"
     license: "MIT"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "v2.5.2"
     repository:
       type: "git"
@@ -158,6 +177,7 @@ dependencies:
   - name: "FreeRTOS-Plus-TCP"
     license: "MIT"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "ba4e25c350020abcb787a3a319fdf991bef70538"
     repository:
       type: "git"
@@ -166,6 +186,7 @@ dependencies:
   - name: "ml-embedded-evaluation-kit"
     license: "Apache-2.0"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "24.05"
     repository:
       type: "git"
@@ -174,6 +195,7 @@ dependencies:
   - name: "speexdsp"
     license: "BSD-3-Clause"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "738e17905e1ca2a1fa932ddd9c2a85d089f4e845"
     repository:
       type: "git"
@@ -182,6 +204,7 @@ dependencies:
   - name: "isp_mali-c55"
     license: "BSD-3-Clause"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "r0p0_1.0"
     repository:
       type: "git"
@@ -190,6 +213,7 @@ dependencies:
   - name: "arm-2d"
     license: "Apache-2.0"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "v1.1.5"
     repository:
       type: "git"
@@ -198,6 +222,7 @@ dependencies:
   - name: "Fake Function Framework"
     license: "MIT"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "5111c61e1ef7848e3afd3550044a8cf4405f4199"
     repository:
       type: "git"
@@ -206,6 +231,7 @@ dependencies:
   - name: "GoogleTest"
     license: "BSD-3-Clause"
     tpip-category: "category-2"
+    security-risk: "low"
     version: "v1.15.2"
     repository:
       type: "git"

diff --git a/release_changes/202409241441.change.md b/release_changes/202409241441.change.md
@@ -0,0 +1 @@
+manifest: Add the `security-risk` attribute
diff --git a/tools/scripts/check_listed_dependencies.py b/tools/scripts/check_listed_dependencies.py
@@ -19,6 +19,7 @@ def main(manifest_file: str) -> None:
             - a TPIP category attribute
             - a version attribute
             - a path attribute
+            - a security risk attribute
     Args:
         manifest_file (str): Path to the YAML manifest file.
     """
@@ -56,6 +57,12 @@ def check_the_manifest(manifest_data: Dict) -> bool:
                 f" `tpip-category` attribute in the manifest file"
             )
             manifest_has_all_attributes = False
+        if "security-risk" not in dependency:
+            print(
+                f"Dependency '{dependency['name']}' is missing"
+                f" `security-risk` attribute in the manifest file"
+            )
+            manifest_has_all_attributes = False
         if "version" not in dependency:
             print(
                 f"Dependency '{dependency['name']}' is missing"