whatisgithub

What is yocto-lens?

prashantdivate/yocto-lens — explained in plain English

Analysis updated 2026-05-18

14GoAudience · developerComplexity · 2/5Setup · easy

In one sentence

Yocto Lens is a command-line tool that scans Yocto and OpenEmbedded build layers for security issues, style problems, and recipe errors before they break a build.

Mindmap

mindmap
  root((Yocto Lens))
    What it does
      Scans BitBake recipes
      Checks patches
      Style and security checks
    Tech stack
      Go
      BitBake
      Terminal UI
    Use cases
      Catch insecure URLs
      Find hardcoded credentials
      Enforce recipe conventions
    Audience
      Embedded developers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Scan a Yocto layer for hardcoded credentials, insecure HTTP URLs, and floating source revisions.

USE CASE 2

Enforce OpenEmbedded style conventions like required SUMMARY fields and colon-based override syntax.

USE CASE 3

Run headless in a CI pipeline and export results as JSON or SARIF for code review tooling.

What is it built with?

GoBitBakeJSONSARIF

How does it compare?

prashantdivate/yocto-lensgizmodata/adbc-driver-quackgokele/ovh
Stars141414
LanguageGoGoGo
Setup difficultyeasymoderatemoderate
Complexity2/53/53/5
Audiencedeveloperdeveloperops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Single cross-platform binary, no Docker or running Yocto build required.

So what is it?

Yocto Lens is a command-line tool that checks Yocto and OpenEmbedded layers for problems before they cause build failures or security issues. Yocto is the build system most commonly used to create custom Linux distributions for embedded hardware (routers, industrial devices, automotive systems, and similar). The layers it analyzes are the structured folder hierarchies that contain the recipes, patches, and configuration files describing what software to build and how. The tool scans three types of files: BitBake recipe files (.bb and .bbappend), patch files (.patch), and layer configuration files. For each, it runs different kinds of checks and reports findings through an interactive terminal interface with tabs for static analysis, style, and recipe health. You can also run it without the UI for use in automated build pipelines. The static analysis checks look for things that can cause real problems: a recipe that pins its source to a floating revision (which can silently change between builds), insecure HTTP URLs in source downloads, hardcoded credentials or API tokens left in metadata, absolute paths that would only work on the developer's machine, missing or broken layer compatibility declarations, and licenses that need attention such as GPLv3 inclusions or absent license checksums. The style checks enforce OpenEmbedded conventions: recipes should have SUMMARY and DESCRIPTION fields, variable assignments should follow a standard ordering, line lengths should stay within limits, and old-style override syntax (like _append and _prepend) should be updated to the newer colon-based form. Patch files are checked for required Upstream-Status and Signed-off-by headers. A single binary download covers Linux, macOS, and Windows. Pointing it at a layer folder is enough to start, no Docker, no environment variables, and no connection to a running Yocto build are required. Results can be exported as JSON or SARIF for integration with code-review and CI tooling.

Copy-paste prompts

Prompt 1
Run Yocto Lens against my layer folder and explain the static analysis findings it reports.
Prompt 2
Set up Yocto Lens in a CI pipeline in headless mode with SARIF output for code review.
Prompt 3
What does Yocto Lens check for in .patch files regarding Upstream-Status and Signed-off-by headers?
Prompt 4
Explain why a floating source revision in a BitBake recipe is flagged as a risk.

Frequently asked questions

What is yocto-lens?

Yocto Lens is a command-line tool that scans Yocto and OpenEmbedded build layers for security issues, style problems, and recipe errors before they break a build.

What language is yocto-lens written in?

Mainly Go. The stack also includes Go, BitBake, JSON.

How hard is yocto-lens to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is yocto-lens for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.