rm-hull / nvd-clojure

National Vulnerability Database dependency checker for Clojure projects
MIT License

Better as a Clojure tool using tools.deps.alpha? #108

Closed markaddleman closed 2 years ago

markaddleman commented 2 years ago

Given how sensitive nvd-clojure is to the classpath, I wonder if it would be better packaged as a Clojure tool using https://github.com/clojure/tools.deps.alpha ?

vemv commented 2 years ago

Hi @markaddleman!

Yes, it's the less delicate way. Since yesterday, thanks to @seancorfield's work, it is now offered:

https://github.com/rm-hull/nvd-clojure/tree/1.9.0#clojure-cli

I'll leave the 'legacy' ways (for t.deps and Lein alike) available for an extra few weeks, then stop offering them. Would appreciate a success report in the meantime.

Cheers - V

markaddleman commented 2 years ago

That's great! I'll give it a whirl soon

markaddleman commented 2 years ago

FWIW, I ran nvd as a Clojure tool and it worked like a charm! Now, I have a few security reports to analyze and decide how to mitigate! Thanks!

vemv commented 2 years ago

🍻!

Remember you can pass a .json file under the config-filename option. This can include a suppression-file for ignoring stuff.

Here's an example: https://github.com/rm-hull/nvd-clojure/blob/40b2610c9d7eff1d08e5c2b4b09a60fec91a0c0b/.github/nvd-config.json