add support for cve metadata coming from yocto cve-check
to add such support, we need to take into consideration two issues:
- https://lists.openembedded.org/g/openembedded-core/message/171653 (CVE check may be incomplete for some builds depending on random connection problems to NIST db, so we need to aggregate data from different builds based on this assumption)
- CVE metadata gets updated frequently in NIST db (including old CVEs metadata), so it may happen (it actually did, in our tests) that metadata gets updated between one build and another, and generated cve data may therefore differ; in such case, we should detect this change and keep only the latest version)
fix #20 (closed)
Edited by Alberto Pianon