rm-hull / nvd-clojure

National Vulnerability Database dependency checker for Clojure projects
MIT License

Set defaultLogLevel to warn #129

Closed elzibubble closed 2 years ago

elzibubble commented 2 years ago

Otherwise the actual report is buried by INFO logs.

vemv commented 2 years ago

Thanks for the suggestion!

I'll consider this / experiment with it. Generally it's quite desirable to see what DependencyCheck is doing, especially as it sometimes can hang.

vemv commented 2 years ago

So, I think the INFO logs, while verbose, supply information that can be useful for debugging issues. Understanding the basics of what DependencyCheck exactly does isn't bad either.

You can certainly create your own simplelogger.properties file, which will take precedence if it's ahead in the classpath (which is easily achieved by adding this file to your project's Lein :resources or tools.deps :paths).

Thanks again for raising the topic.

danielcompton commented 2 years ago

If you're using Clojure Tools, you can do this with something like:

clojure -J-Dclojure.main.report=stderr -Sdeps '{:paths ["resources/"]}' -Tnvd nvd.task/check :config-filename \"nvd-config.json\" :classpath \""$(clojure -Spath)"\"

# See: https://www.slf4j.org/api/org/slf4j/impl/SimpleLogger.html
org.slf4j.simpleLogger.showShortLogName = true
org.slf4j.simpleLogger.showThreadName = false
org.slf4j.simpleLogger.showDateTime = false
org.slf4j.simpleLogger.dateTimeFormat = '['HH:mm:ss.SSS']'
org.slf4j.simpleLogger.levelInBrackets = true
org.slf4j.simpleLogger.log.org.apache.commons=error

Or provide it as a property directly:

clojure -J-Dclojure.main.report=stderr -J-Dorg.slf4j.simpleLogger.log.org.apache.commons=error # ...

I wonder if increasing the logging level just for apache.commons might be a good compromise. Doing this on our project, the lines of output went from 139 to 55.

vemv commented 2 years ago

> I wonder if increasing the logging level just for apache.commons might be a good compromise. Doing this on our project, the lines of output went from 139 to 55.

Sounds reasonable. I'll have to check what the lines in question say.

Logging for other specific Java packages might also be OK to alter; it all depends on what they do.
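
The thread's point that a project-level simplelogger.properties only takes effect when it is ahead in the classpath can be checked before a scan. The following is an added example, not code from the thread or from nvd-clojure: it walks a classpath string in order, reports which entry supplies the file, and reads a logger level from that copy. The helper names `first_simplelogger` and `winning_value` are hypothetical; it assumes a Unix `:` separator and uses `unzip` (if installed) to look inside jars.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.
# Assumes a Unix classpath (':' separator); jars are inspected only if unzip exists.

# Print the first classpath entry that provides simplelogger.properties,
# i.e. the copy that takes precedence. Exit status 1 if no entry has one.
first_simplelogger() (
    IFS=:
    set -f    # split on ':' without glob expansion
    for entry in $1; do
        [ -n "$entry" ] || continue
        if [ -d "$entry" ] && [ -f "$entry/simplelogger.properties" ]; then
            printf '%s\n' "$entry"; exit 0
        fi
        if [ -f "$entry" ] && command -v unzip >/dev/null 2>&1 &&
           unzip -Z1 "$entry" 2>/dev/null | grep -qx 'simplelogger.properties'; then
            printf '%s\n' "$entry"; exit 0
        fi
    done
    exit 1
)

# Print the value of property $2 as set in the winning copy on classpath $1.
winning_value() {
    w=$(first_simplelogger "$1") || return 1
    key=$(printf '%s' "$2" | sed 's/\./\\./g')    # dots are literal in the key
    if [ -d "$w" ]; then cat "$w/simplelogger.properties"
    else unzip -p "$w" simplelogger.properties; fi |
        sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" | tail -n 1
}

# Constructed demo: two directories ship the file; the earlier one wins.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/src" "$tmp/resources" "$tmp/lib"
    echo 'org.slf4j.simpleLogger.log.org.apache.commons=error' \
        > "$tmp/resources/simplelogger.properties"
    echo 'org.slf4j.simpleLogger.log.org.apache.commons=info' \
        > "$tmp/lib/simplelogger.properties"
    cp_demo="$tmp/src:$tmp/resources:$tmp/lib"
    first_simplelogger "$cp_demo"
    winning_value "$cp_demo" org.slf4j.simpleLogger.log.org.apache.commons
    rm -rf "$tmp"
}
demo
```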