mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-07 16:59:22 +00:00
Code Issues Projects Releases Wiki Activity

manuals: document NVDCVE_API_KEY variable

Browse Source 
Add brief documentation of NVDCVE_API_KEY variable, that was added
in 4.2.3, and emphasize that its use results in lower NVD API request
times.

(From yocto-docs rev: 9c7b452441bad2d7c929383d4665dfddb8f7ea72)

Signed-off-by: Noe Galea <ngalea@thegoodpenguin.co.uk>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Reviewed-by: Andrew Murray <amurray@thegoodpenguin.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Noe Galea
2024-05-17 20:27:24 +01:00
committed by Richard Purdie
parent b392401b46
commit 66aac2588d
2 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
documentation/dev-manual/vulnerabilities.rst
+4
View File
@@ -57,6 +57,10 @@ applied and that the issue needs to be investigated. ``Ignored`` means that afte
analysis, it has been deemed to ignore the issue as it for example affects
the software component on a different operating system platform.
By default, no NVD API key is used to retrieve data from the CVE database, which
results in larger delays between NVD API requests. See the :term:`NVDCVE_API_KEY`
documentation on how to request and set a NVD API key.
After a build with CVE check enabled, reports for each compiled source recipe will be
found in ``build/tmp/deploy/cve``.
documentation/ref-manual/variables.rst
+15
View File
@@ -5585,6 +5585,21 @@ system and gives an overview of their function and contents.
NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf u-boot"
:term:`NVDCVE_API_KEY`
The NVD API key used to retrieve data from the CVE database when
using :ref:`ref-classes-cve-check`.
By default, no API key is used, which results in larger delays between API
requests and limits the number of queries to the public rate limits posted
at the `NVD developer's page <https://nvd.nist.gov/developers/start-here>`__.
NVD API keys can be requested through the
`Request an API Key <https://nvd.nist.gov/developers/request-an-api-key>`__
page. You can set this variable to the NVD API key in your ``local.conf`` file.
Example::
NVDCVE_API_KEY = "fe753&7a2-1427-347d-23ff-b2e2b7ca5f3"
:term:`OBJCOPY`
The minimal command and arguments to run ``objcopy``.