{"id":23626340,"url":"https://github.com/yetanalytics/workflow-nvd","last_synced_at":"2025-08-26T12:20:35.938Z","repository":{"id":185588965,"uuid":"607772825","full_name":"yetanalytics/workflow-nvd","owner":"yetanalytics","description":"Workflows to use for NVD scanning","archived":false,"fork":false,"pushed_at":"2024-09-24T14:14:09.000Z","size":31,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-12-27T23:13:26.452Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Clojure","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yetanalytics.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-28T16:41:08.000Z","updated_at":"2024-09-24T14:13:27.000Z","dependencies_parsed_at":null,"dependency_job_id":"a71f5735-4918-46bd-98f4-9baf75937221","html_url":"https://github.com/yetanalytics/workflow-nvd","commit_stats":null,"previous_names":["yetanalytics/workflow-nvd"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yetanalytics%2Fworkflow-nvd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yetanalytics%2Fworkflow-nvd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yetanalytics%2Fworkflow-nvd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yetanalytics%2Fworkflow-nvd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yetanalytics","download_url":"https://codeload.github.com/yetanalytics/workflow-nvd/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239533836,"owners_count":19654770,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-27T22:53:00.550Z","updated_at":"2025-02-18T19:26:01.044Z","avatar_url":"https://github.com/yetanalytics.png","language":"Clojure","funding_links":[],"categories":[],"sub_categories":[],"readme":"# workflow-nvd\nReusable workflow to use for NVD scanning.\n\nThe following are the inputs to the `nvd-scan` workflow, which is used to perform scans for CVEs against the National Vulnerability Database by calling out to the [nvd-clojure](https://github.com/rm-hull/nvd-clojure) app.\n\n| Input                  | Description                                      | Default\n| ---                    | ---                                              | ---\n| `classpath-command`    | nvd-clojure classpath command                    | `clojure -Spath`\n| `nvd-clojure-version`  | nvd-clojure version                              | `3.2.0`\n| `nvd-config-filename`  | nvd-clojure configuration file                   | None\n| `notify-slack`         | Whether or not to report scan failures to Slack  | `false`\n| `notify-link-var-name` | Slack workflow variable name for the CI run link | `run_link`\n\nIf `notify-slack` is true, then an NVD scan failure will result in a notification being posted to Slack, with the link to the failed CI run. To use:\n1. [Create a Slack workflow](https://slack.com/help/articles/360053571454-Set-up-a-workflow-in-Slack) (not to be confused with a GitHub workflow). The workflow should include a variable named `run_link` (or whatever name `notify-link-var-name` is set to) in the JSON payload, whose value will be set to the CI run link.\n2. Create a GitHub repository secret `SLACK_WEBHOOK_URL` using the generated webhook URL.\n3. Activate Slack notifications and pass the secret as follows:\n\n```yaml\n  notify_slack:\n    uses: yetanalytics/workflow-nvd/.github/workflows/nvd-scan.yml@[current-version]\n    with:\n      notify-slack: true\n    secrets:\n      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}\n```\n\nAlternatively you can pass the secret as `secrets: inherit`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyetanalytics%2Fworkflow-nvd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyetanalytics%2Fworkflow-nvd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyetanalytics%2Fworkflow-nvd/lists"}