manuals: document NVDCVE_API_KEY variable

Add brief documentation of NVDCVE_API_KEY variable, that was added in 4.2.3, and emphasize that its use results in lower NVD API request times. (From yocto-docs rev: 9c7b452441bad2d7c929383d4665dfddb8f7ea72) Signed-off-by: Noe Galea <ngalea@thegoodpenguin.co.uk> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Reviewed-by: Andrew Murray <amurray@thegoodpenguin.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Noe Galea <ngalea@thegoodpenguin.co.uk> 2024-05-17 20:27:24 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-05-29 20:58:49 +0100
commit: 66aac2588d7b28b28694af48eac6d9b368098ba2 (patch)
tree: eac4a41a33fb0ab5d0efbe7f9476d7ae59b7343b /documentation/dev-manual
parent: b392401b4628a0881071c0758c2565f77b92b0d3 (diff)
download: poky-66aac2588d7b28b28694af48eac6d9b368098ba2.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/documentation/dev-manual/vulnerabilities.rst b/documentation/dev-manual/vulnerabilities.rst
index 1bc2a85929..983d4ad3c6 100644
--- a/documentation/dev-manual/vulnerabilities.rst
+++ b/documentation/dev-manual/vulnerabilities.rst
@@ -57,6 +57,10 @@ applied and that the issue needs to be investigated. ``Ignored`` means that afte
 analysis, it has been deemed to ignore the issue as it for example affects
 the software component on a different operating system platform.
+By default, no NVD API key is used to retrieve data from the CVE database, which
+results in larger delays between NVD API requests. See the :term:`NVDCVE_API_KEY`
+documentation on how to request and set a NVD API key.
 After a build with CVE check enabled, reports for each compiled source recipe will be
 found in ``build/tmp/deploy/cve``.
author	Noe Galea <ngalea@thegoodpenguin.co.uk>	2024-05-17 20:27:24 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-05-29 20:58:49 +0100
commit	66aac2588d7b28b28694af48eac6d9b368098ba2 (patch)
tree	eac4a41a33fb0ab5d0efbe7f9476d7ae59b7343b /documentation/dev-manual
parent	b392401b4628a0881071c0758c2565f77b92b0d3 (diff)
download	poky-66aac2588d7b28b28694af48eac6d9b368098ba2.tar.gz

diff --git a/documentation/dev-manual/vulnerabilities.rst b/documentation/dev-manual/vulnerabilities.rst index 1bc2a85929..983d4ad3c6 100644 --- a/documentation/dev-manual/vulnerabilities.rst +++ b/documentation/dev-manual/vulnerabilities.rst
@@ -57,6 +57,10 @@ applied and that the issue needs to be investigated. ``Ignored`` means that afte
57	analysis, it has been deemed to ignore the issue as it for example affects	57	analysis, it has been deemed to ignore the issue as it for example affects
58	the software component on a different operating system platform.	58	the software component on a different operating system platform.
59		59
		60	By default, no NVD API key is used to retrieve data from the CVE database, which
		61	results in larger delays between NVD API requests. See the :term:`NVDCVE_API_KEY`
		62	documentation on how to request and set a NVD API key.
		63
60	After a build with CVE check enabled, reports for each compiled source recipe will be	64	After a build with CVE check enabled, reports for each compiled source recipe will be
61	found in ``build/tmp/deploy/cve``.	65	found in ``build/tmp/deploy/cve``.
62		66