When using YOCTO for building your software there always comes the point where everything is woven together to something bigger - usually all your recipes are put together to an image, which can be used directly for booting an embedded device. As this is the final step, extra care should be taken when it comes to checking on security. On an recipe level you can make your component as fortified as you could imagine, if another component doesn't care about security at all, your whole concept will fall into pieces. So how do I check on security when an image is created? What do I need check for? Are there any helpful tools around, which can support me? To answer the last question first - YES there are some very useful tools around, for instance ansible . Ansible is a very flexible, extendable batch processor, which can automate most of the administrative tasks quite convenient. The result of a YOCTO build is mostly an more or less fully featured Linux system, you can