diff --git a/ci/cve.yml b/ci/cve.yml
new file mode 100644
index 00000000..381f8557
--- /dev/null
+++ b/ci/cve.yml
@@ -0,0 +1,16 @@
+header:
+  version: 14
+
+local_conf_header:
+  cve: |
+    INHERIT += "cve-check"
+
+    # Just show the warnings for our layers
+    CVE_CHECK_SHOW_WARNINGS = "0"
+    CVE_CHECK_SHOW_WARNINGS:layer-arm-toolchain = "1"
+    CVE_CHECK_SHOW_WARNINGS:layer-meta-arm = "1"
+    CVE_CHECK_SHOW_WARNINGS:layer-meta-arm-bsp = "1"
+    CVE_CHECK_SHOW_WARNINGS:layer-meta-arm-systemready = "1"
+
+    # Ignore the kernel, we sometime carry kernels in meta-arm
+    CVE_CHECK_SHOW_WARNINGS:pn-linux-yocto = "0"