You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+9-9Lines changed: 9 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -599,18 +599,18 @@ Web servers and other standalone services run with Clojure CLI
599
599
600
600
## Security
601
601
602
-
> DEPRECATED: `:security/nvd`
603
-
> Using clojure-nvd via an alias [checks for security issues in clojure-nvd and its dependencies as they merged into the classpath](https://github.com/practicalli/clojure-cli-config/pull/31).
604
-
>
605
-
> The maintainer of clojure-nvd [suggested several ways to avoid classpath interference](https://github.com/rm-hull/nvd-clojure#avoiding-classpath-interference)
602
+
`:security/nvd-scan` and `:security/ndv-fix` adds [clj-watson](https://github.com/clj-holmes/clj-watson) tool
606
603
607
-
*`:service/nvd` - check library dependencies of a project against the [National Vulnerability Database](https://nvd.nist.gov/) using [nvd-clojure](https://github.com/rm-hull/nvd-clojure)
604
+
The alias requires an [API Key to access the NIST National Vulnerability Database (NVD)](https://nvd.nist.gov/developers/request-an-api-key).
|`clojure -T:security/nvd "" "$(clojure -Spath)"`| check all jar files on the class path for security vulnerabilities |
606
+
`CLJ_WATSON_NVD_API_KEY` environment variable should be set to the value of the API Key, e.g via `.bashrc` or `.zshenv` file.
612
607
613
-
> The first "" is required argument and can contain a filename to a json file of additional configuration. The second argument, `"$(clojure -Spath)"`, passes the project classpath to be analysed as a string.
0 commit comments