tools-deps

erwinrooijakkers 2024-08-15T09:17:54.452529Z

I want to build a pom.xml every time a project is run in the dev profile, how can I accomplish this with deps?

erwinrooijakkers 2024-09-23T11:36:06.604399Z

Thanks. Aikido combines outputs of Trivy, Syft and Grype with penetration testing of Zaproxy (also behind authentication!) or Nuclei while removing false positives and displaying it in an easy dashboard. It’s a few hundred bucks a month but saves us loads of time integrating the tools ourselves…

erwinrooijakkers 2024-09-23T11:38:31.289909Z

So it combines multiple types of scans

Alex Miller (Clojure team) 2024-08-15T09:56:57.842739Z

The CLI does not have a feature to run tasks automatically but you can gen the pom with clj -X:deps mvn-pom

seancorfield 2024-08-15T16:59:11.564599Z

If you're willing to add a build.clj file and do more of your run/test/etc that way, you could have all the tasks call a fn to update the pom.xml file.

erwinrooijakkers 2024-08-20T11:14:18.163499Z

Thanks! The reason I wanted to generate a pom.xml was because then it could be scanned by the Aikido vulnerability scanner. But they just added support for deps.edn yesterday 🤯 so no more need 🙂.

seancorfield 2024-08-20T17:04:42.893429Z

FWIW, there's clj-watson and nvd-clojure for vulnerability scanning as well. The former does both the NIST NVD and the GitHub Advisory database.

seancorfield 2024-08-20T17:05:00.313529Z

(disclaimer: I maintain and use clj-watson)

erwinrooijakkers 2024-08-15T09:18:28.818789Z

i.e. the equivalent of Leiningen’s :prep-tasks ["pom"]