diff mbox series

[10/18] ref-manual/variables.rst: document the SPDX_INCLUDE_VEX variable

Message ID 20260410-second-release-notes-6-0-v1-10-40213436c3ca@bootlin.com
State New
Headers show
Series Updates for upcoming Wrynose release | expand

Commit Message

Antonin Godard April 10, 2026, 2:43 p.m. UTC 
Added by commit b63f6f50458f ("classes/create-spdx-3.0: Add classes")
in OE-Core.

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
---
 documentation/ref-manual/variables.rst | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff mbox series

Patch

diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index 653bdb1b4..89a5e632b 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -9563,6 +9563,20 @@  system and gives an overview of their function and contents.
       increases the SBOM size (potentially by several gigabytes for typical
       images).
 
+   :term:`SPDX_INCLUDE_VEX`
+      This option controls what `VEX <https://cyclonedx.org/capabilities/vex/>`__
+      information will be present in the output SPDX documents.
+
+      It can take three different values:
+
+      -  ``none``: disable all VEX data.
+
+      -  ``current`` (default): include VEX data for vulnerabilities not already
+         fixed in the upstream source code.
+
+      -  ``all``: get all known historical vulnerabilities, including those
+         already fixed upstream (warning: this can be large and slow).
+
    :term:`SPDX_INVOKED_BY`
       The base variable name describing the agent that invoked the build.
       Each ``Build`` object in the SPDX output is linked to this agent with an