Message ID | 20240517192724.7519-1-ngalea@thegoodpenguin.co.uk |
---|---|
State | New |
Series | manuals: document NVDCVE_API_KEY variable |
Hi Noe,

On Fri, 17 May 2024 at 20:27, Noe Galea via lists.yoctoproject.org <ngalea=thegoodpenguin.co.uk@lists.yoctoproject.org> wrote:
>
> Add brief documentation of NVDCVE_API_KEY variable, that was added
> in 4.2.3, and emphasize that its use results in lower NVD API request
> times.
>
> Signed-off-by: Noe Galea <ngalea@thegoodpenguin.co.uk>

Reviewed-by: Andrew Murray <amurray@thegoodpenguin.co.uk>

Hi Noe

On 5/17/24 at 00:57, Noe Galea wrote:
> Add brief documentation of NVDCVE_API_KEY variable, that was added
> in 4.2.3, and emphasize that its use results in lower NVD API request
> times.
>
> Signed-off-by: Noe Galea <ngalea@thegoodpenguin.co.uk>
> ---
> documentation/dev-manual/vulnerabilities.rst | 4 ++++
> documentation/ref-manual/variables.rst | 15 +++++++++++++++
> 2 files changed, 19 insertions(+)

Many thanks for this update!

Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>

Merged into master-next.

Cheers
Michael.
diff --git a/documentation/dev-manual/vulnerabilities.rst b/documentation/dev-manual/vulnerabilities.rst index 1bc2a8592..983d4ad3c 100644 --- a/documentation/dev-manual/vulnerabilities.rst +++ b/documentation/dev-manual/vulnerabilities.rst @@ -57,6 +57,10 @@ applied and that the issue needs to be investigated. ``Ignored`` means that afte analysis, it has been deemed to ignore the issue as it for example affects the software component on a different operating system platform. +By default, no NVD API key is used to retrieve data from the CVE database, which +results in larger delays between NVD API requests. See the :term:`NVDCVE_API_KEY` +documentation on how to request and set a NVD API key. + After a build with CVE check enabled, reports for each compiled source recipe will be found in ``build/tmp/deploy/cve``. diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst index 3f37f42f2..6b5b5c076 100644 --- a/documentation/ref-manual/variables.rst +++ b/documentation/ref-manual/variables.rst @@ -5585,6 +5585,21 @@ system and gives an overview of their function and contents. NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf u-boot" + :term:`NVDCVE_API_KEY` + The NVD API key used to retrieve data from the CVE database when + using :ref:`ref-classes-cve-check`. + + By default, no API key is used, which results in larger delays between API + requests and limits the number of queries to the public rate limits posted + at the `NVD developer's page <https://nvd.nist.gov/developers/start-here>`__. + + NVD API keys can be requested through the + `Request an API Key <https://nvd.nist.gov/developers/request-an-api-key>`__ + page. You can set this variable to the NVD API key in your ``local.conf`` file. + Example:: + + NVDCVE_API_KEY = "fe753&7a2-1427-347d-23ff-b2e2b7ca5f3" + :term:`OBJCOPY` The minimal command and arguments to run ``objcopy``.
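Review bot: In the paragraph added to documentation/dev-manual/vulnerabilities.rst, "how to request and set a NVD API key" should read "an NVD API key", and "larger delays" would be clearer as "longer delays". The new paragraph also lands between the explanation of the ``Ignored`` status and the sentence on where the reports are written, so it interrupts the description of the report output; placing it after the ``build/tmp/deploy/cve`` sentence, or beside the text that explains how the CVE database is fetched, would keep the status discussion contiguous.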
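Review bot: The example value in the new :term:`NVDCVE_API_KEY` entry of documentation/ref-manual/variables.rst, "fe753&7a2-1427-347d-23ff-b2e2b7ca5f3", looks like a real key with a stray "&", which leaves readers unsure whether it is a typo or a live credential; an obviously fake placeholder such as ``<your-NVD-API-key>`` would be safer. The entry also tells readers to set the key in ``local.conf`` without noting that it is a per-user credential that should stay out of shared or version-controlled configuration, and it does not state the release in which the variable became available, which the commit message gives as 4.2.3.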
Add brief documentation of NVDCVE_API_KEY variable, that was added
in 4.2.3, and emphasize that its use results in lower NVD API request
times.

Signed-off-by: Noe Galea <ngalea@thegoodpenguin.co.uk>
---
 documentation/dev-manual/vulnerabilities.rst | 4 ++++
 documentation/ref-manual/variables.rst | 15 +++++++++++++++
 2 files changed, 19 insertions(+)