manuals: document NVDCVE_API_KEY variable

Add brief documentation of NVDCVE_API_KEY variable, that was added in 4.2.3, and emphasize that its use results in lower NVD API request times. (From yocto-docs rev: 9c7b452441bad2d7c929383d4665dfddb8f7ea72) Signed-off-by: Noe Galea <ngalea@thegoodpenguin.co.uk> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Reviewed-by: Andrew Murray <amurray@thegoodpenguin.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Noe Galea <ngalea@thegoodpenguin.co.uk> 2024-05-17 20:27:24 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-05-29 20:58:49 +0100
commit: 66aac2588d7b28b28694af48eac6d9b368098ba2 (patch)
tree: eac4a41a33fb0ab5d0efbe7f9476d7ae59b7343b
parent: b392401b4628a0881071c0758c2565f77b92b0d3 (diff)
download: poky-66aac2588d7b28b28694af48eac6d9b368098ba2.tar.gz
2 files changed, 19 insertions, 0 deletions
diff --git a/documentation/dev-manual/vulnerabilities.rst b/documentation/dev-manual/vulnerabilities.rst
index 1bc2a85929..983d4ad3c6 100644
--- a/documentation/dev-manual/vulnerabilities.rst
+++ b/documentation/dev-manual/vulnerabilities.rst
@@ -57,6 +57,10 @@ applied and that the issue needs to be investigated. ``Ignored`` means that afte
 analysis, it has been deemed to ignore the issue as it for example affects
 the software component on a different operating system platform.
+By default, no NVD API key is used to retrieve data from the CVE database, which
+results in larger delays between NVD API requests. See the :term:`NVDCVE_API_KEY`
+documentation on how to request and set a NVD API key.
 After a build with CVE check enabled, reports for each compiled source recipe will be
 found in ``build/tmp/deploy/cve``.
diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index 3f37f42f21..6b5b5c0762 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -5585,6 +5585,21 @@ system and gives an overview of their function and contents.
         NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf u-boot"
+   :term:`NVDCVE_API_KEY`
+      The NVD API key used to retrieve data from the CVE database when
+      using :ref:`ref-classes-cve-check`.
+      By default, no API key is used, which results in larger delays between API
+      requests and limits the number of queries to the public rate limits posted
+      at the `NVD developer's page <https://nvd.nist.gov/developers/start-here>`__.
+      
+      NVD API keys can be requested through the
+      `Request an API Key <https://nvd.nist.gov/developers/request-an-api-key>`__
+      page. You can set this variable to the NVD API key in your ``local.conf`` file.
+      Example::
+          NVDCVE_API_KEY = "fe753&7a2-1427-347d-23ff-b2e2b7ca5f3"
   :term:`OBJCOPY`
      The minimal command and arguments to run ``objcopy``.
author	Noe Galea <ngalea@thegoodpenguin.co.uk>	2024-05-17 20:27:24 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-05-29 20:58:49 +0100
commit	66aac2588d7b28b28694af48eac6d9b368098ba2 (patch)
tree	eac4a41a33fb0ab5d0efbe7f9476d7ae59b7343b
parent	b392401b4628a0881071c0758c2565f77b92b0d3 (diff)
download	poky-66aac2588d7b28b28694af48eac6d9b368098ba2.tar.gz

diff --git a/documentation/dev-manual/vulnerabilities.rst b/documentation/dev-manual/vulnerabilities.rst index 1bc2a85929..983d4ad3c6 100644 --- a/documentation/dev-manual/vulnerabilities.rst +++ b/documentation/dev-manual/vulnerabilities.rst
@@ -57,6 +57,10 @@ applied and that the issue needs to be investigated. ``Ignored`` means that afte
57	analysis, it has been deemed to ignore the issue as it for example affects	57	analysis, it has been deemed to ignore the issue as it for example affects
58	the software component on a different operating system platform.	58	the software component on a different operating system platform.
59		59
		60	By default, no NVD API key is used to retrieve data from the CVE database, which
		61	results in larger delays between NVD API requests. See the :term:`NVDCVE_API_KEY`
		62	documentation on how to request and set a NVD API key.
		63
60	After a build with CVE check enabled, reports for each compiled source recipe will be	64	After a build with CVE check enabled, reports for each compiled source recipe will be
61	found in ``build/tmp/deploy/cve``.	65	found in ``build/tmp/deploy/cve``.
62		66


diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst index 3f37f42f21..6b5b5c0762 100644 --- a/documentation/ref-manual/variables.rst +++ b/documentation/ref-manual/variables.rst
@@ -5585,6 +5585,21 @@ system and gives an overview of their function and contents.
5585		5585
5586	NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf u-boot"	5586	NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf u-boot"
5587		5587
		5588	:term:`NVDCVE_API_KEY`
		5589	The NVD API key used to retrieve data from the CVE database when
		5590	using :ref:`ref-classes-cve-check`.
		5591
		5592	By default, no API key is used, which results in larger delays between API
		5593	requests and limits the number of queries to the public rate limits posted
		5594	at the `NVD developer's page <https://nvd.nist.gov/developers/start-here>`__.
		5595
		5596	NVD API keys can be requested through the
		5597	`Request an API Key <https://nvd.nist.gov/developers/request-an-api-key>`__
		5598	page. You can set this variable to the NVD API key in your ``local.conf`` file.
		5599	Example::
		5600
		5601	NVDCVE_API_KEY = "fe753&7a2-1427-347d-23ff-b2e2b7ca5f3"
		5602
5588	:term:`OBJCOPY`	5603	:term:`OBJCOPY`
5589	The minimal command and arguments to run ``objcopy``.	5604	The minimal command and arguments to run ``objcopy``.
5590		5605