SymphonyElectron/.github/workflows/cve-scanning-node.yml
2022-12-14 14:43:16 +01:00

26 lines
689 B
YAML

name: CVE Scanning for Node.js
on:
push:
paths:
- 'package.json'
- 'package-lock.json'
- 'allow-list.json'
- '.github/workflows/cve-scanning-node.yml'
jobs:
scan:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [16.x]
steps:
- uses: actions/checkout@v3
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
- run: npm config set package-lock false
# TODO - this is ignoring package-lock.json
- run: npm install --prod --ignore-scripts
- run: npx --yes auditjs ossi --whitelist allow-list.json