For a given project, all the .jar files from its classpath
11
-
will be checked for known security vulnerabilities. `nvd-clojure` passes them to a library called [DependencyCheck](https://github.com/jeremylong/DependencyCheck) which does the vulnerability analysis. Quoting the README from that library:
11
+
will be checked for known security vulnerabilities. `nvd-clojure` passes them to a library called [DependencyCheck](https://github.com/dependency-check/DependencyCheck) which does the vulnerability analysis. Quoting the README from that library:
12
12
13
13
> DependencyCheck is a utility that attempts to detect publicly disclosed
14
14
> vulnerabilities contained within project dependencies. It does this by
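Review bot: The replaced line 11 only swaps the repository link to the `dependency-check` organisation, so check whether any other `jeremylong` URLs remain in the repository (other docs, comments, build files) and update them in this commit, so the project does not point at two locations for the same library. The sentence right after the link quotes the upstream README, so also confirm that the quoted passage still matches the README at the new location.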
@@ -191,7 +191,7 @@ There are some specific settings below which are worthy of a few comments:
191
191
- It shouldn't normally be necessary to change this
192
192
*`:suppression-file` default unset
193
193
- Allows for CVEs to be permanently or temporarily suppressed.
194
-
- See [DependencyCheck documentation](https://jeremylong.github.io/DependencyCheck/general/suppression.html) for the XML file format.
194
+
- See [DependencyCheck documentation](https://dependency-check.github.io/DependencyCheck/general/suppression.html) for the XML file format.
195
195
- If a nvd-clojure.edn file was automatically generated for you, then this file will also be automatically generated (and enabled) for you.
196
196
*`:verbose-summary` default false
197
197
- When set to true, the summary table includes a severity determination for all dependencies.
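Review bot: The new link on line 194 is a deep link into the documentation site (`general/suppression.html`), not only a host change, so confirm that this exact path resolves under `dependency-check.github.io` before merging. This is the only pointer the `:suppression-file` entry gives for the XML format, so a dead link here leaves users without a reference when they write suppressions.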