meta-arm/ci/cve.yml

# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json

header:
  version: 14

local_conf_header:
  cve: |
    INHERIT += "cve-check"

    # Allow the runner environment to provide an API key
    NVDCVE_API_KEY = "${@d.getVar('BB_ORIGENV').getVar('NVDCVE_API_KEY') or ''}"

    # Just show the warnings for our layers
    CVE_CHECK_SHOW_WARNINGS = "0"
    CVE_CHECK_SHOW_WARNINGS:layer-arm-toolchain = "1"
    CVE_CHECK_SHOW_WARNINGS:layer-meta-arm = "1"
    CVE_CHECK_SHOW_WARNINGS:layer-meta-arm-bsp = "1"

    # Ignore the kernel, we sometime carry kernels in meta-arm
    CVE_CHECK_SHOW_WARNINGS:pn-linux-yocto = "0"