2 files changed, 15 insertions, 0 deletions

diff --git a/documentation/dev-manual/start.rst b/documentation/dev-manual/start.rst
index 386e5f5d29..05827610b7 100644
--- a/documentation/dev-manual/start.rst
+++ b/documentation/dev-manual/start.rst
@@ -853,3 +853,14 @@ similar to checking out by branch name except you use tag names.
    ``checkout`` command are a snapshot of the "&DISTRO_NAME_NO_CAP;"
    development branch at the point where Yocto Project &DISTRO; was
    released.
+
+Initializing the Build Environment
+==================================
+
+Before you can use Yocto you need to setup the build environment.
+From within the ``poky`` directory, source the :ref:`ref-manual/structure:\`\`oe-init-build-env\`\`` environment
+setup script to define Yocto Project's build environment on your build host::
+    
+    $ source oe-init-build-env 
+
+Note, that this step will have to be repeated every time you open a new shell.
diff --git a/documentation/dev-manual/vulnerabilities.rst b/documentation/dev-manual/vulnerabilities.rst
index 1bc2a85929..983d4ad3c6 100644
--- a/documentation/dev-manual/vulnerabilities.rst
+++ b/documentation/dev-manual/vulnerabilities.rst
@@ -57,6 +57,10 @@ applied and that the issue needs to be investigated. ``Ignored`` means that afte
 analysis, it has been deemed to ignore the issue as it for example affects
 the software component on a different operating system platform.
 
+By default, no NVD API key is used to retrieve data from the CVE database, which
+results in larger delays between NVD API requests. See the :term:`NVDCVE_API_KEY`
+documentation on how to request and set a NVD API key.
+
 After a build with CVE check enabled, reports for each compiled source recipe will be
 found in ``build/tmp/deploy/cve``.