By using CVE_DB_INCR_UPDATE_AGE_THRES = CVE_DB_INCR_UPDATE_AGE_THRES = 6h,
cve-check will do a NVD database full download if the database is older
than 6h or reuse it un-updated if its younger than 6h. Since the metrics
builder is scheduled every day, that will result in a daily
full-download.

That will workaround NVD API limitations were some updates may be missed
and the incrementaly updated database is not equivalent to a freshly
downloaded database.

Signed-off-by: Yoann Congal <yoann.con...@smile.fr>

---
This patch depends on [PATCH 2/2] cve-update-nvd2-native: Add an age threshold 
for incremental update
https://lists.openembedded.org/g/openembedded-core/message/197046
---
 config.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config.json b/config.json
index fdf4052..763121a 100644
--- a/config.json
+++ b/config.json
@@ -1290,6 +1290,7 @@
                 "CVE_CHECK_FORMAT_JSON = '1'",
                 "CVE_CHECK_SHOW_WARNINGS = '0'",
                 "CVE_DB_UPDATE_INTERVAL = '21600'",
+                "CVE_DB_INCR_UPDATE_AGE_THRES = '21600'",
                 "BB_SERVER_TIMEOUT = '0'"
             ],
             "step1" : {
-- 
2.39.2

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#62753): https://lists.yoctoproject.org/g/yocto/message/62753
Mute This Topic: https://lists.yoctoproject.org/mt/104913380/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to