Signed-off-by: Roland Hieber <[email protected]> --- v2: * separate blocks for each variable * mention <vendor>:<product> syntax and multiple values --- doc/ref_make_variables.rst | 13 +++++++++++++ 1 file changed, 13 insertions(+)
diff --git a/doc/ref_make_variables.rst b/doc/ref_make_variables.rst index 358701aab9e2..bfd01098f517 100644 --- a/doc/ref_make_variables.rst +++ b/doc/ref_make_variables.rst @@ -256,6 +256,19 @@ Package Definition UTF-8 files the encoding can be specified with ``encoding=<enc>``. See the section :ref:`licensing_in_packages` for more information. +``<PKG>_CVE_PRODUCT`` + The product ID in the `CVE Database <https://www.cve.org>`__, used for + generating SBoM reports. + It can be of the form ``<vendor>:<product>`` and contain multiple values + separated by spaces if necessary. + If not set, it defaults to ``<PKG>``. + +``<PKG>_CVE_VERSION`` + The version number in the `CVE Database <https://www.cve.org>`__, used for + generating SBoM reports. + If not set, it defaults to ``$(<PKG>_VERSION)``. + + For most packages the variables described above are undefined by default. However, for cross and host packages these variables default to the value of the corresponding target package if it exists. -- 2.39.5
