From 801c23ba69b9277e5b25d32593f6ad696d8dcf55 Mon Sep 17 00:00:00 2001
From: Antonin Godard <antonin.godard@bootlin.com>
Date: Tue, 25 Mar 2025 10:20:51 +0100
Subject: ref-manual/variables.rst: document the NVD_DB_VERSION variable

This variable allows choosing the CVE feed when using the cve-check
class.

(From yocto-docs rev: 639ea86c5034d7706faf14a2ff52b603c3ccd905)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 documentation/ref-manual/variables.rst | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'documentation')

diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index d5fec650cb..597b0d031c 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -5853,6 +5853,18 @@ system and gives an overview of their function and contents.
 
          NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf u-boot"
 
+   :term:`NVD_DB_VERSION`
+      The :term:`NVD_DB_VERSION` variable allows choosing the CVE feed when
+      using the :ref:`ref-classes-cve-check` class. It can be one of:
+
+      -  ``NVD2`` (default): the NVD feed with API version 2
+      -  ``FKIE``: the `FKIE-CAD <https://github.com/fkie-cad/nvd-json-data-feeds>`__
+         feed reconstruction
+      -  ``NVD1``: the NVD JSON feed (deprecated)
+
+      In case of a malformed feed name, the ``NVD2`` feed is selected and an
+      error is printed.
+
    :term:`NVDCVE_API_KEY`
       The NVD API key used to retrieve data from the CVE database when
       using :ref:`ref-classes-cve-check`.
-- 
cgit v1.2.3-54-g00ecf