{"id":25833342,"url":"https://github.com/swirrl/nvd-clojure-gh-action","last_synced_at":"2025-02-28T22:47:53.004Z","repository":{"id":40390529,"uuid":"455297250","full_name":"Swirrl/nvd-clojure-gh-action","owner":"Swirrl","description":"Automated Github Action to automate scanning of Clojure projects for known vulnerabilities in the National Vulnerability Database","archived":false,"fork":false,"pushed_at":"2022-05-11T16:19:21.000Z","size":23,"stargazers_count":8,"open_issues_count":4,"forks_count":0,"subscribers_count":5,"default_branch":"master","last_synced_at":"2023-04-13T09:35:55.371Z","etag":null,"topics":["clojure","github-action","nvd","security","security-audit","vulnerability","vulnerability-scanner"],"latest_commit_sha":null,"homepage":"","language":"Clojure","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"epl-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Swirrl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-02-03T19:18:24.000Z","updated_at":"2023-04-01T02:58:48.000Z","dependencies_parsed_at":"2022-08-02T02:20:01.935Z","dependency_job_id":null,"html_url":"https://github.com/Swirrl/nvd-clojure-gh-action","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Swirrl%2Fnvd-clojure-gh-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Swirrl%2Fnvd-clojure-gh-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Swirrl%2Fnvd-clojure-gh-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Swirrl%2Fnvd-clojure-gh-action/manifests","owner_
url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Swirrl","download_url":"https://codeload.github.com/Swirrl/nvd-clojure-gh-action/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241263905,"owners_count":19936058,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clojure","github-action","nvd","security","security-audit","vulnerability","vulnerability-scanner"],"created_at":"2025-02-28T22:47:52.478Z","updated_at":"2025-02-28T22:47:52.995Z","avatar_url":"https://github.com/Swirrl.png","language":"Clojure","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Clojure NVD Dependency Check Action\n\nA simple GitHub action to run\n[nvd-clojure](https://github.com/rm-hull/nvd-clojure) and report an issue when\nthere are vulnerabilities reported.\n\n## Warning\n\nThis action will create issues on the repository it is activated on. 
If\nthe repository is public, then *the issue posted will be public*, and it will\nlook like this:\n\n```\nCVEs Found in owner/repo: [CRITICAL, HIGH, MEDIUM, LOW] #1\n```\n\nEnsure that you want this before activating this action on a public repository.\n\n## Usage\n\nAdd a `.github/workflows/main.yml` to your project:\n\n```yml\nname: Clojure NVD Dependency Checking\n\non:\n  workflow_dispatch:\n  schedule:\n    - cron: \"0 1 * * 1-5\"\n\njobs:\n  build:\n\n    runs-on: ubuntu-latest\n\n    steps:\n      - name: Checkout Latest Commit\n        uses: actions/checkout@v2.4.0\n\n      - name: NVD Clojure\n        uses: Swirrl/nvd-clojure-gh-action@master\n        with:\n          ## Below is the only required argument; if your\n          ## project only depends on public maven/clojars \n          ## dependencies, this is probably all you need.\n          github_token: ${{ secrets.github_token }}\n\n          ## If the clojure project you wish to scan is not \n          ## in the project's root directory you can configure \n          ## the location with this variable.\n          # directories: sub-project-dir\n          \n          ## Uncomment below and set up secrets if you\n          ## need to resolve any `tools.deps` `git/deps` from\n          ## private git repositories.\n          # ssh_private_key: ${{ secrets.ssh_private_key }}\n          \n          ## Uncomment and set up secrets below if you have \n          ## any maven dependencies in AWS/S3-wagon buckets\n          # aws_access_key_id: ${{ secrets.aws_access_key_id }}\n          # aws_secret_access_key: ${{ secrets.aws_secret_access_key }}\n```\n\n\n## Supported Arguments\n\n* `directories`: Space-separated sub-directories to check. Defaults to the root of the repository.\n* `github_token`: The only required argument. 
Can either be the default token, as seen above, or a personal access token with write access to the repository.\n* `ssh_private_key`: Used to access private repositories over git/SSH; use the private key of the private repo's \"Deploy Key\".\n* `aws_access_key_id`: Used to access S3 bucket maven repos.\n* `aws_secret_access_key`: Used to access S3 bucket maven repos.\n\n## Suppressing CVEs\n\nDue to how dependency-check identifies libraries, false positives may occur\n(i.e. a CPE was identified that is incorrect).\n\nAdd a file in the Clojure project directory named `nvd-clojure-suppress.xml` to\nspecify CVE suppressions.\n\nSee the [DependencyCheck docs](https://jeremylong.github.io/DependencyCheck/general/suppression.html),\nand the [example project](https://github.com/Swirrl/nvd-clojure-gh-action/tree/master/example)\nfor details.\n\n## Licensing\n\nCopyright © 2022 [Swirrl IT Ltd](https://swirrl.com)\n\nDistributed under the [Eclipse Public License](https://github.com/Swirrl/nvd-clojure-gh-action/blob/master/LICENSE) either version 1.0 or (at your option) any later version.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswirrl%2Fnvd-clojure-gh-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fswirrl%2Fnvd-clojure-gh-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswirrl%2Fnvd-clojure-gh-action/lists"}