Jeremy Long
Did you look at the example? https://jeremylong.github.io/DependencyCheck/dependency-check-cli/arguments.html
```
file://c:/path/to/nvdcve-{0}.json.gz
```
I'm guessing on the format of the file URL a little as I don't feel like looking it up and...
1. untar the file - It should look something like: https://github.com/dependency-check/DependencyCheck_Builder/tree/gh-pages/nvd_cache
2. either host the files on a web server and supply the path to the cache or use the...
I missed the equals sign:
```
./dependency-check.sh --nvdDatafeed=file:///path/to/nvd_cache
```
Planning this for 10.0 - more testing is needed. I don't think we can build under Java 21 yet (at least on the Gradle side), but the runtime should be...
pretty sure that part is a bit memory-intensive. The benefit of using a DB like this is that once you have the first full update of data it is very...
If you are keeping the external database up-to-date some other way then yes - using `--noupdate` will stop ODC from reaching out to the internet for the NVD data.
Sorry for the delayed response - there are two nodejs analyzers. One should be disabled as it either needs to be thrown out or completely re-written. The warning message is...
Until someone can provide a package.json and package-lock.json that demonstrate the behavior we'll never know.
Looks like dependency-check does not yet support `workspaces`:
```json
"packages": {
  "": {
    "name": "lerna-monorepo",
    "license": "MIT",
    "workspaces": [
      "packages/*",
      "packages/legacy-structure/commands/create"
    ],
```
In the meantime, you can explicitly scan...