Check your deps.edn dependencies against known security vulnerabilities in the National Vulnerability Database. In other words, like lein-nvd but for deps.edn.
clj-nvd uses lein-nvd as a library. To learn how the checking works, check out lein-nvd's README.
clj-nvd has not been released yet, so you'll have to use a git dependency.
clojure -Sdeps '{:deps {clj-nvd/clj-nvd {:git/url "https://github.com/miikka/clj-nvd.git" :sha "f2ec98699e057a379baf170cb49cf7ad76874a70"}}}' -m clj-nvd.core check
Alternatively, add clj-nvd as a git dependency to your deps.edn:
{:aliases
 {:clj-nvd {:extra-deps {clj-nvd/clj-nvd {:git/url "https://github.com/miikka/clj-nvd.git"
                                          :sha "f2ec98699e057a379baf170cb49cf7ad76874a70"}}
            :main-opts ["-m" "clj-nvd.core"]}}}
clojure -A:clj-nvd check
clj-nvd supports the same commands as lein-nvd: check, update, and purge. To specify the :extra-deps aliases to check, use -A:
clojure -A:clj-nvd check -A backend:frontend
More detailed reports are created in the directory target/nvd.
The configuration is loaded from the file clj-nvd.edn. See configuration options in lein-nvd's documentation.
clj-nvd is just a small wrapper on lein-nvd by Richard Hull, which in turn relies on DependencyCheck by Jeremy Long. To understand how to use tools.deps.alpha, I looked at the source code of Pack and Depot.
Copyright © Metosin Oy and contributors.
Distributed under the Eclipse Public License 2.0.