miikka / clj-nvd

Scan your deps.edn dependencies for known vulnerabilities
Eclipse Public License 2.0

the lein-nvd also works from tools.deps #2

Open raymcdermott opened 3 years ago

raymcdermott commented 3 years ago

I'm just wondering if this repo is adding any value? I don't think so right now but it could...

As a user of lein-nvd I would be happier to have something like this which understood the way tools.deps works more natively. For example I cannot set the project name in lein-nvd.

Also nvd brings dependencies that have CVEs and it's hard to untangle. In theory at least, with tools.deps a path could be calculated which obviates this serious problem.

https://github.com/rm-hull/lein-nvd/issues/46

Anyway - if these don't tickle your fancy, no worries. Just thought I'd make some suggestions.

miikka commented 3 years ago

Hi, I don't really understand what you're asking for, but this was basically an experiment and I'm not really maintaining it right now. If you (or somebody else) feel like forking it and implementing whatever is needed to make it truly deliver value, I encourage you to go ahead. It would be great to have a "deps.edn native" dependency vulnerability scanner.