diff mbox series

[13/19] ref-manual/variables.rst: document CVE_CHECK_VEX_JUSTIFICATION

Message ID 20250729-release-note-5-3-first-bunch-v1-13-058971e37c93@bootlin.com
State New
Headers show
Series Updates from Poky master | expand

Commit Message

Antonin Godard July 29, 2025, 9:56 a.m. UTC 
Added by commit c0fa3d92cefa ("spdx30: Allow VEX Justification to be
configurable") in OE-Core.

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
---
 documentation/ref-manual/variables.rst | 7 +++++++
 1 file changed, 7 insertions(+)
diff mbox series

Patch

diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index d918446db..3369bf67f 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -2054,6 +2054,13 @@  system and gives an overview of their function and contents.
 
          CVE_CHECK_STATUSMAP[cpe-incorrect] = "Ignored"
 
+   :term:`CVE_CHECK_VEX_JUSTIFICATION`
+      Mapping variable for :term:`CVE_STATUS` reasons
+      (for example ``not-applicable-platform``) to :ref:`ref-classes-vex`
+      justifications. Should be set as follows::
+
+         CVE_CHECK_VEX_JUSTIFICATION[not-applicable-config] = "vulnerableCodeNotPresent"
+
    :term:`CVE_VERSION`
       In a recipe, defines the version used to match the recipe version
       against the version in the `NIST CVE database <https://nvd.nist.gov/>`__