readme: description of :security/nvd- aliases
practicalli-johnny committed Nov 2, 2024
1 parent 089201f commit fd5c51a
Showing 1 changed file with 9 additions and 9 deletions.
18 changes: 9 additions & 9 deletions README.md
Expand Up @@ -599,18 +599,18 @@ Web servers and other standalone services run with Clojure CLI
## Security

> DEPRECATED: `:security/nvd`
> Using clojure-nvd via an alias [checks for security issues in clojure-nvd and its dependencies as they merged into the classpath](https://github.com/practicalli/clojure-cli-config/pull/31).
>
> The maintainer of clojure-nvd [suggested several ways to avoid classpath interference](https://github.com/rm-hull/nvd-clojure#avoiding-classpath-interference)
`:security/nvd-scan` and `:security/ndv-fix` adds [clj-watson](https://github.com/clj-holmes/clj-watson) tool

* `:service/nvd` - check library dependencies of a project against the [National Vulnerability Database](https://nvd.nist.gov/) using [nvd-clojure](https://github.com/rm-hull/nvd-clojure)
The alias requires an [API Key to access the NIST National Vulnerability Database (NVD)](https://nvd.nist.gov/developers/request-an-api-key).

| Command | Description |
|--------------------------------------------------|--------------------------------------------------------------------|
| `clojure -T:security/nvd "" "$(clojure -Spath)"` | check all jar files on the class path for security vulnerabilities |
`CLJ_WATSON_NVD_API_KEY` environment variable should be set to the value of the API Key, e.g via `.bashrc` or `.zshenv` file.

> The first "" is required argument and can contain a filename to a json file of additional configuration. The second argument, `"$(clojure -Spath)"`, passes the project classpath to be analysed as a string.
| Command | Description |
|------------------------------- | ------------------------------------------------------------------- |
| `clojure -T:security/nvd-scan` | check all libraries on the class path for security vulnerabilities |
| `clojure -T:security/nvd-fix` | update all libraries on the class path for security vulnerabilities |

> [clj-watson-action](https://github.com/clj-holmes/clj-watson-action) can be used in a GitHub workflow to run security vulnerability checks

## Community activities
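Review bot: the alias name is misspelled in the new sentence "`:security/nvd-scan` and `:security/ndv-fix` adds [clj-watson] ... tool": `:security/ndv-fix` should be `:security/nvd-fix`, which is the name used in the command table and implied by the commit title. A reader copying the alias from the prose would get a name that does not match the documented command. In the same sentence, "adds ... tool" reads better as "add the ... tool", and "e.g via" in the `CLJ_WATSON_NVD_API_KEY` line is missing the period after "e.g". The `:security/nvd-fix` row ("update all libraries on the class path for security vulnerabilities") does not say what is actually changed; consider wording it so that it is clear which libraries are updated and where the change is written. The table separator row also has uneven spacing around the pipes compared with the header row.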