Closed markaddleman closed 2 years ago
Hi @markaddleman!
Yes, it's the less delicate way. Since yesterday, thanks to @seancorfield 's work it is now offered:
https://github.com/rm-hull/nvd-clojure/tree/1.9.0#clojure-cli
I'll leave the 'legacy' ways (for t.deps and Lein alike) available for an extra few weeks, then stop offering them. Would appreciate a success report in the meantime.
Cheers - V
That's great! I'll give it a whirl soon
FWIW, I ran nvd as a clojure tool and it worked like a charm! Now, I have a few security reports to analyze and decide how to mitigate! Thanks!
🍻!
Remember you can pass a .json file under the config-filename
option. This can include a suppression-file for ignoring stuff.
Here's an example: https://github.com/rm-hull/nvd-clojure/blob/40b2610c9d7eff1d08e5c2b4b09a60fec91a0c0b/.github/nvd-config.json
Given how sensitive nvd-clojure is to the classpath, I wonder if it would be better packaged as a Clojure tool using https://github.com/clojure/tools.deps.alpha ?