summaryrefslogtreecommitdiffstats
path: root/documentation
diff options
context:
space:
mode:
authorNoe Galea <ngalea@thegoodpenguin.co.uk>2024-05-17 20:27:24 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2024-05-29 20:58:49 +0100
commit66aac2588d7b28b28694af48eac6d9b368098ba2 (patch)
treeeac4a41a33fb0ab5d0efbe7f9476d7ae59b7343b /documentation
parentb392401b4628a0881071c0758c2565f77b92b0d3 (diff)
downloadpoky-66aac2588d7b28b28694af48eac6d9b368098ba2.tar.gz
manuals: document NVDCVE_API_KEY variable
Add brief documentation of NVDCVE_API_KEY variable, that was added in 4.2.3, and emphasize that its use results in lower NVD API request times. (From yocto-docs rev: 9c7b452441bad2d7c929383d4665dfddb8f7ea72) Signed-off-by: Noe Galea <ngalea@thegoodpenguin.co.uk> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Reviewed-by: Andrew Murray <amurray@thegoodpenguin.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'documentation')
-rw-r--r--documentation/dev-manual/vulnerabilities.rst4
-rw-r--r--documentation/ref-manual/variables.rst15
2 files changed, 19 insertions, 0 deletions
diff --git a/documentation/dev-manual/vulnerabilities.rst b/documentation/dev-manual/vulnerabilities.rst
index 1bc2a85929..983d4ad3c6 100644
--- a/documentation/dev-manual/vulnerabilities.rst
+++ b/documentation/dev-manual/vulnerabilities.rst
@@ -57,6 +57,10 @@ applied and that the issue needs to be investigated. ``Ignored`` means that afte
57analysis, it has been deemed to ignore the issue as it for example affects 57analysis, it has been deemed to ignore the issue as it for example affects
58the software component on a different operating system platform. 58the software component on a different operating system platform.
59 59
60By default, no NVD API key is used to retrieve data from the CVE database, which
61results in larger delays between NVD API requests. See the :term:`NVDCVE_API_KEY`
62documentation on how to request and set a NVD API key.
63
60After a build with CVE check enabled, reports for each compiled source recipe will be 64After a build with CVE check enabled, reports for each compiled source recipe will be
61found in ``build/tmp/deploy/cve``. 65found in ``build/tmp/deploy/cve``.
62 66
diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index 3f37f42f21..6b5b5c0762 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -5585,6 +5585,21 @@ system and gives an overview of their function and contents.
5585 5585
5586 NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf u-boot" 5586 NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf u-boot"
5587 5587
5588 :term:`NVDCVE_API_KEY`
5589 The NVD API key used to retrieve data from the CVE database when
5590 using :ref:`ref-classes-cve-check`.
5591
5592 By default, no API key is used, which results in larger delays between API
5593 requests and limits the number of queries to the public rate limits posted
5594 at the `NVD developer's page <https://nvd.nist.gov/developers/start-here>`__.
5595
5596 NVD API keys can be requested through the
5597 `Request an API Key <https://nvd.nist.gov/developers/request-an-api-key>`__
5598 page. You can set this variable to the NVD API key in your ``local.conf`` file.
5599 Example::
5600
5601 NVDCVE_API_KEY = "fe753&7a2-1427-347d-23ff-b2e2b7ca5f3"
5602
5588 :term:`OBJCOPY` 5603 :term:`OBJCOPY`
5589 The minimal command and arguments to run ``objcopy``. 5604 The minimal command and arguments to run ``objcopy``.
5590 5605