1 files changed, 4 insertions, 0 deletions
diff --git a/documentation/dev-manual/vulnerabilities.rst b/documentation/dev-manual/vulnerabilities.rst
index 1bc2a85929..983d4ad3c6 100644
--- a/documentation/dev-manual/vulnerabilities.rst
+++ b/documentation/dev-manual/vulnerabilities.rst
@@ -57,6 +57,10 @@ applied and that the issue needs to be investigated. ``Ignored`` means that afte
 analysis, it has been deemed to ignore the issue as it for example affects
 the software component on a different operating system platform.
+By default, no NVD API key is used to retrieve data from the CVE database, which
+results in larger delays between NVD API requests. See the :term:`NVDCVE_API_KEY`
+documentation on how to request and set a NVD API key.
 After a build with CVE check enabled, reports for each compiled source recipe will be
 found in ``build/tmp/deploy/cve``.

diff --git a/documentation/dev-manual/vulnerabilities.rst b/documentation/dev-manual/vulnerabilities.rst index 1bc2a85929..983d4ad3c6 100644 --- a/documentation/dev-manual/vulnerabilities.rst +++ b/documentation/dev-manual/vulnerabilities.rst
@@ -57,6 +57,10 @@ applied and that the issue needs to be investigated. ``Ignored`` means that afte
57	analysis, it has been deemed to ignore the issue as it for example affects	57	analysis, it has been deemed to ignore the issue as it for example affects
58	the software component on a different operating system platform.	58	the software component on a different operating system platform.
59		59
		60	By default, no NVD API key is used to retrieve data from the CVE database, which
		61	results in larger delays between NVD API requests. See the :term:`NVDCVE_API_KEY`
		62	documentation on how to request and set a NVD API key.
		63
60	After a build with CVE check enabled, reports for each compiled source recipe will be	64	After a build with CVE check enabled, reports for each compiled source recipe will be
61	found in ``build/tmp/deploy/cve``.	65	found in ``build/tmp/deploy/cve``.
62		66