Jeremy Long

If a new volunteer to work on the project steps forward - we can give them access. This has happened in the past with the ODC jenkins plugin. However, I...

@ejohn20 I might suggest that you update the README.md indicating the project is seeking a new maintainer?

We do not currently support conda's environment.yml files yet. We accept PRs if you are interested in contributing.

As @aikebah noted in PR #5330- the proxy configuration is already being used if it is configured. Are there rules setup to allow the NVD that would need to be...

The options would be to mirror the catalog or disable the analyzer.

The known exploited vulnerability catalog does not add any new vulnerabilities... but any vulnerabilities in the catalog likely need to be patched ASAP as there are known attacks happening using...

You should be able to override them with `-Danalyzer.central.retry.count=1`.

not sure you can actually use a different `central.content.url` though... You may have to use the nexus analyzer instead.

Not sure if `https://repo1.maven.org/maven2/` has the same API endpoints as `search.maven.org`. Regarding nexus - I'm not sure, I didn't right the integration and I haven't tested it. it **might** work...

You likely should use an API Key from the NVD and take a look at https://jeremylong.github.io/DependencyCheck/data/cacheh2.html