By using CVE_DB_INCR_UPDATE_AGE_THRES = CVE_DB_INCR_UPDATE_AGE_THRES = 6h, cve-check will do a NVD database full download if the database is older than 6h or reuse it un-updated if its younger than 6h. Since the metrics builder is scheduled every day, that will result in a daily full-download.
That will workaround NVD API limitations were some updates may be missed and the incrementaly updated database is not equivalent to a freshly downloaded database. Signed-off-by: Yoann Congal <yoann.con...@smile.fr> --- This patch depends on [PATCH 2/2] cve-update-nvd2-native: Add an age threshold for incremental update https://lists.openembedded.org/g/openembedded-core/message/197046 --- config.json | 1 + 1 file changed, 1 insertion(+) diff --git a/config.json b/config.json index fdf4052..763121a 100644 --- a/config.json +++ b/config.json @@ -1290,6 +1290,7 @@ "CVE_CHECK_FORMAT_JSON = '1'", "CVE_CHECK_SHOW_WARNINGS = '0'", "CVE_DB_UPDATE_INTERVAL = '21600'", + "CVE_DB_INCR_UPDATE_AGE_THRES = '21600'", "BB_SERVER_TIMEOUT = '0'" ], "step1" : { -- 2.39.2
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#62753): https://lists.yoctoproject.org/g/yocto/message/62753 Mute This Topic: https://lists.yoctoproject.org/mt/104913380/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-