cve-bin-tool
docs: save the NVD api key for future use
When a user runs the tool with an API key (NVD), it would be really great if we saved that API key for future use, so that when the user runs the tool again he/she will not have to specify the API key again.
This is already possible in two ways:
- Set the NVD_API_KEY as an environment variable (on Linux: `export NVD_API_KEY=your-key-here`, put it in .profile or something)
- Set the NVD_API_KEY in the config file
Do we need to document that more clearly somewhere?
That last question was kind of rhetorical. We always need more docs. :)
Anyhow, the environment variable and config file options could both be mentioned here: https://cve-bin-tool.readthedocs.io/en/latest/MANUAL.html#nvd-api-key-nvd-api-key
The config file stuff is kind of buried elsewhere, and although we use the environment variable in CI in order to use GitHub secrets (and I use it in bash all the time), it's quite easy for someone to miss. Since this is the thing people are most likely to want to use, we should just go ahead and mention it in the manual where the flag is described.
I'm going to flag this as an easy docs bug for someone, though you might have to do a bit of reading to give a nice config file example.
Can I try working on this? Where should I do the reading for the config file part?
@Kaushik-Iyer please feel free to work on it! The config file examples are here: https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#-c-config---config-config
Unfortunately, our example files predate the NVD API Key option, so they'll need some updates too.
Let us know if you get stuck!
Hey, I would like to work on this issue.
Regarding the config file, I found these 2 -
- https://github.com/intel/cve-bin-tool/blob/main/.github/workflows/update-cache.yml (LINE - 12)
- https://github.com/intel/cve-bin-tool/blob/main/.github/workflows/testing.yml (LINE - 21)

Which one of the above is to be configured for the NVD_API_KEY?
@rootxrishabh those are GitHub Actions config files and they're already configured to use the NVD API Key when available.
This issue needs someone to update the documentation with information on configuring the cve-bin-tool config file, which is described here: https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#-c-config---config-config
I have opened a PR regarding this issue, please take a look: #2575