Comments (6)
Latest version? 4.1.3 or 5.0.0
NIST has required users of its NVD database to switch to the new API, from the old data feeds. 4.1.3 still uses the data feeds, 5.0.0 uses the API. To use the API, you need a key per the README, however there's a small bug in how the clj-watson.properties
file is read (see #43).
You can work around it in 5.0.0 by specifying -w
and the same relative path to where the file would be on the classpath.
Or you can depend on :git/sha "76b687f3eb807ab55632c69ef2c011886513efef"
which is the PR that fixes it and will be part of the 5.0.1 release, once @mthbernardes either approves my PRs or removes the requirement for at least one reviewer (since none of the reviewers are currently responding to PR review requests).
Once the PR/merge/push process is simplified, I'll be taking the project over. I started my own fork to create the 5.0.0 release but @mthbernardes and I agree that keeping it under clj-holmes
would be better.
from clj-watson.
I had switched to 5.0.0. I saw the API stuff and do have a clj-watson.properties file with an api key on the classpath. It did not seem like the error I got was related to the API stuff though?
from clj-watson.
I switched to the sha above and got the same error.
from clj-watson.
You may have to rm -rf /tmp/db
to get a clean database (cache) setup at this point.
from clj-watson.
I'll add a Troubleshooting section to the README with this information in it (and maybe other things).
from clj-watson.
The README already mentioned the /tmp/db
folder but only in passing as part of the DependencyCheck
section, so I added a note to the Quick Start about deleting it, if it seems to be causing problems.
from clj-watson.
Related Issues (20)
- comparing version in a really wrong way. HOT 1
- Sorted report
- Native SARIF output support HOT 20
- Project- and version-based false positives when shadow-cljs is a dependency HOT 5
- support sarif output for dependency-check scan strategy HOT 1
- CVE identifiers are missing in 3.0.2 output HOT 9
- core.async false positive HOT 3
- Can't run clj-watson as a -M alias HOT 2
- Bug in 4.1.1? HOT 4
- Unable to update watson database, version exceeds column limit HOT 1
- Persistent 503 errors? HOT 6
- Switch from depstar to tools.build HOT 2
- Provide an additive properties file HOT 2
- Bug in 5.0.0: clj-watson.properties file not found on classpath
- Add logging/printing to show additional properties
- Update DependencyCheck to latest version HOT 1
- Clean up command-line tool invocation HOT 1
- Document how to suppress false positives HOT 1
- Breaks on datahike dep HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from clj-watson.