pedestal

lread 2024-07-04T16:21:02.488549Z

Some tips for CI: the underlying data feeds have changed, they now 1. require a token 2. support downloading of vulnerability db changes only 3. are currently undergoing some stress so an entire vulnerability db can take a long time (up to 35m!) 4. item 2 reduces item 3 to under 2 minutes if you CI cache the vulnerability db Also as of this writing https://github.com/rm-hull/nvd-clojure/issues/178, so you'll need to compensate, or you won't have any success.

hlship 2024-07-05T15:46:13.534729Z

My challenge was with the token itself, it seemed to get rejected. Haven't revisited this lately, may take another crack at it next week.

👍 1
hlship 2024-07-04T01:30:22.624999Z

Thanks, I "temporarily" disabled the NVD checks a few months back because I was having trouble getting them to run under CI. I need to fix that as well!

lread 2024-07-04T02:06:57.265719Z

We have set this up on clj-yaml and pomegranate, lemme know if you need a hand.