Problem
The pr-cve-check workflow fails on all PRs targeting master-next with:
ParseError in configuration INHERITs: Could not inherit file classes/cve-check.bbclass
Root Cause
OE-core master removed cve-check.bbclass on March 31, 2026 in commit 00de455 by Ross Burton. The class has been replaced by sbom-cve-check (Bootlin).
Our workflow clones OE-core at master HEAD and uses INHERIT += "cve-check", which no longer exists.
Impact
- All PRs to
master-next have a failing pr-cve-check status
- No CVE scanning on PRs until fixed
- The
nightly-cve-check workflow is likely also affected
Fix
Migrate pr-cve-check.yml (and nightly-cve-check.yml if affected) to use sbom-cve-check which is now integrated into OE-core via the SPDX classes.
Key changes needed:
- Replace
INHERIT += "cve-check" with the sbom-cve-check equivalent
- Replace
bitbake -c cve_check with the new scanning command
- Update result parsing (output format may differ)
Workaround
The pr-cve-check workflow has been temporarily disabled until migration is complete.
References
Problem
The
pr-cve-checkworkflow fails on all PRs targetingmaster-nextwith:Root Cause
OE-core master removed
cve-check.bbclasson March 31, 2026 in commit00de455by Ross Burton. The class has been replaced bysbom-cve-check(Bootlin).Our workflow clones OE-core at
masterHEAD and usesINHERIT += "cve-check", which no longer exists.Impact
master-nexthave a failingpr-cve-checkstatusnightly-cve-checkworkflow is likely also affectedFix
Migrate
pr-cve-check.yml(andnightly-cve-check.ymlif affected) to usesbom-cve-checkwhich is now integrated into OE-core via the SPDX classes.Key changes needed:
INHERIT += "cve-check"with the sbom-cve-check equivalentbitbake -c cve_checkwith the new scanning commandWorkaround
The
pr-cve-checkworkflow has been temporarily disabled until migration is complete.References
00de455f8d3aeca880129d23e8cfb7e246404699