diff --git a/.github/workflows/dependency-vulnerabilities.yml b/.github/workflows/dependency-vulnerabilities.yml index 88400b8..4f2f725 100644 --- a/.github/workflows/dependency-vulnerabilities.yml +++ b/.github/workflows/dependency-vulnerabilities.yml @@ -27,9 +27,7 @@ jobs: with: path: | ./.m2 - ./bin - ./lib - + # store as today's cache key: "nvd-clojure-${{ steps.date.outputs.date }}" # if today's cache does not yet exist, fetch from whatever iss @@ -41,7 +39,7 @@ jobs: run: .github/workflows/install-binaries.sh - name: Install NVD clojure - run: bin/clojure -Ttools install nvd-clojure/nvd-clojure '{:mvn/version "RELEASE"}' :as nvd; + run: bin/clojure -Ttools install nvd-clojure/nvd-clojure '{:mvn/version "RELEASE"}' :as nvd - name: Check that NVD Secret is set env: @@ -53,4 +51,4 @@ jobs: env: NVD_API_TOKEN: ${{ secrets.NVD_API_TOKEN }} working-directory: ishare-jwt - run: ../bin/clojure -J-Dclojure.main.report=stderr -Tnvd nvd.task/check :config-filename '".nvd-config.edn"' :classpath "\"$(../bin/clojure -Spath)\"" + run: ../bin/clojure -J-Dclojure.main.report=stderr -Sdeps '{:deps {org.owasp/dependency-check-maven {:mvn/version "10.0.2"}}}' -Tnvd nvd.task/check :config-filename '".nvd-config.json"' :classpath "\"$(../bin/clojure -Spath)\"" diff --git a/.nvd-config.json b/.nvd-config.json new file mode 100644 index 0000000..9d46bc7 --- /dev/null +++ b/.nvd-config.json @@ -0,0 +1 @@ +{"nvd": {"suppression-file": ".nvd-suppressions.xml"}} diff --git a/.nvd-suppressions.xml b/.nvd-suppressions.xml new file mode 100644 index 0000000..98a46ae --- /dev/null +++ b/.nvd-suppressions.xml @@ -0,0 +1,8 @@ + + + + This is a vulnerability in clojure before 1.9.0, which we are not using + .* + CVE-2017-20189 + +
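Review bot: The `Install NVD clojure` step in dependency-vulnerabilities.yml still installs the scanner with `{:mvn/version "RELEASE"}`, so each run resolves whichever nvd-clojure version is newest at that moment. The installed tool is then executed by the later check step, which has `NVD_API_TOKEN` in its environment. The last hunk of this file pins `org.owasp/dependency-check-maven` to `10.0.2`, so a floating tool version can drift away from the pinned engine or pull in a release nobody has reviewed. Pin the tool as well, for example `'{:mvn/version "<reviewed-nvd-clojure-version>"}'`, and bump it deliberately.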
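Review bot: The check step runs with `working-directory: ishare-jwt` but passes `:config-filename '".nvd-config.json"'`, while this commit adds `.nvd-config.json` and `.nvd-suppressions.xml` at the repository root. Unless `ishare-jwt/` has its own copy or a link that is not visible in this diff, the scan will look for the config in the wrong directory, and the relative `suppression-file` path inside it is presumably resolved the same way. Point the option at the added file, `:config-filename '"../.nvd-config.json"'`, and confirm from a run log that the suppression file is actually loaded. It is also worth confirming that the `-Sdeps` override to `10.0.2` takes effect under `-Tnvd`, which I cannot tell from the hunk.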
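Review bot: In `.nvd-suppressions.xml` the suppression for `CVE-2017-20189` is paired with the pattern `.*`, which appears to match every artifact (the surrounding XML elements are not visible in this view). The note says the project does not use Clojure before 1.9.0, but a match-all pattern would also keep the scan green if an affected Clojure version later arrives through a transitive dependency. Narrow the pattern to the artifact that produced the false positive and name that artifact in the notes. Consider adding an `until` date on the `suppress` element so the entry is re-examined rather than kept forever.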