Automatically analyze unaffected Linux vulnerabilities by referencing kernel configs #7

@dsseng

How do we ensure that a CONFIG item in Kconfig is not enabled in a future version of Talos? I suggest, as a new issue, tracking the CONFIG_ parameter that caused this vulnerability, and the tool can cross-check with the PKGS commit passed in. This way we make sure we never enable it back, or, if we need to enable it, that we have other mitigations in place.

Yes, basically like govulncheck does some semantic analysis, we could add some domain-specific knowledge about Linux. This will need some design work to plumb all the data where needed, as well as format changes and coding to make it all work. Perhaps this could be added as a new issue to improve on the vex tool!

Originally posted by @frezbo in #5 (comment)
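
The cross-check described above, as an added Go example that is not part of the issue or of the vex tool's code: it parses two kernel `.config` snapshots and reports vulnerability entries whose gating `CONFIG_` option was disabled before and is enabled now. The function names, the gate map format, the `EXAMPLE-VULN` IDs and the sample configs are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// parseKconfig returns options set to y or m; "is not set" and absent both mean disabled.
func parseKconfig(config string) map[string]string {
	enabled := map[string]string{}
	for _, line := range strings.Split(config, "\n") {
		name, val, ok := strings.Cut(strings.TrimSpace(line), "=")
		if ok && strings.HasPrefix(name, "CONFIG_") && (val == "y" || val == "m") {
			enabled[name] = val
		}
	}
	return enabled
}

// notAffected: every gating option must be disabled; no recorded options never auto-clears.
func notAffected(opts []string, enabled map[string]string) bool {
	for _, o := range opts {
		if _, on := enabled[o]; on {
			return false
		}
	}
	return len(opts) > 0
}

// regressions lists IDs cleared under oldCfg that newCfg re-enables (sorted).
func regressions(gates map[string][]string, oldCfg, newCfg string) (ids []string) {
	before, after := parseKconfig(oldCfg), parseKconfig(newCfg)
	for id, opts := range gates {
		if notAffected(opts, before) && !notAffected(opts, after) {
			ids = append(ids, id)
		}
	}
	sort.Strings(ids)
	return ids
}

// Constructed sample data: placeholder IDs, not real vulnerability-to-option mappings.
var sampleGates = map[string][]string{"EXAMPLE-VULN-1": {"CONFIG_KSMBD"}, "EXAMPLE-VULN-2": {"CONFIG_BT"}, "EXAMPLE-VULN-3": {}}
const oldConfig = "CONFIG_NET=y\n# CONFIG_KSMBD is not set\n# CONFIG_BT is not set\n"
const newConfig = "CONFIG_NET=y\nCONFIG_KSMBD=m\n# CONFIG_BT is not set\n"

func main() {
	fmt.Println("re-enabled since last triage:", regressions(sampleGates, oldConfig, newConfig))
}
```

An entry with an empty option list (`EXAMPLE-VULN-3`) is deliberately never treated as unaffected, so a missing mapping cannot silently clear a finding.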
