On Fri, Feb 07, 2025 at 02:45:24PM +0100, Roland Hieber wrote: > Signed-off-by: Roland Hieber <[email protected]> > --- > doc/ref_make_variables.rst | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/doc/ref_make_variables.rst b/doc/ref_make_variables.rst > index 358701aab9e2..1c2f24b0db4d 100644 > --- a/doc/ref_make_variables.rst > +++ b/doc/ref_make_variables.rst > @@ -256,6 +256,12 @@ Package Definition > UTF-8 files the encoding can be specified with ``encoding=<enc>``. > See the section :ref:`licensing_in_packages` for more information. > > +``<PKG>_CVE_PRODUCT``, ``<PKG>_CVE_VERSION`` > + The product ID and the version number used in the `CVE Database > + <https://www.cve.org>`__, used for generating SBoM reports. > + These variables only need to be set if their values differ from ``<PKG>`` > and > + ``$(<PKG>_VERSION)`` respectively.
<PKG>_CVE_PRODUCT can be <vendor>:<product> if necessary, and it can be a list if multiple vendor/product combinations are needed. I think that should be documented as well :-)... Michael > + > For most packages the variables described above are undefined by default. > However, for cross and host packages these variables default to the value > of the corresponding target package if it exists. > -- > 2.39.5 > > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
