docs: Add extra sentence about nvd_api_key

For the weeks before the 3.3 release happens, add an extra sentence about the api key. Signed-off-by: Terri Oda <terri.oda@intel.com>
terriko · Oct 19, 2023 · 54e7b68 · 54e7b68
1 parent 36d1e23
commit 54e7b68
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -75,6 +75,8 @@ Pip will install the python requirements for you, but for some types of extracti
 
 On first usage (and by default, once per day) The tool will download vulnerability data from [a set of known vulnerability data sources](https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#data-sources).  Due to reliability issues with NVD, as of release 3.3 we will be using our own NVD mirror at [https://cveb.in/](https://cveb.in/) by default rather than contact NVD directly.  If you wish to get data directly from the NVD servers you must [provide your own NVD_API_KEY](https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#--nvd-api-key-nvd_api_key) to use their API.
 
+If you are using a release prior to 3.3 that does not use our mirror, please use an NVD_API_KEY as described above.
+
 ## Most popular usage options
 
 ### Finding known vulnerabilities using the binary scanner