
TharakaUJ

Introduce automated security scanning for dependencies by running npm audit in pull requests. This ensures vulnerabilities are caught earlier in the development cycle and increases visibility for reviewers.

Closes #153

Purpose

Related Issues

Related PRs

Checklist

  • e2e cypress tests locally verified.
  • Manual test round performed and verified.
  • UX/UI review done on the final implementation.
  • Documentation provided. (Add links if there are any)
  • Unit tests provided. (Add links if there are any)
  • Integration tests provided. (Add links if there are any)

Security checks

@TharakaUJ TharakaUJ closed this Sep 24, 2025
@TharakaUJ TharakaUJ reopened this Sep 24, 2025
@brionmario
Member

Hi @TharakaUJ,

Thanks a lot for the PR.

Just FYI, have a look here: #153 (comment) to understand the issue-picking process of the competition.

Cheers!

@brionmario
Member

@NipuniBhagya Could you please review this?

@TharakaUJ
Author

Just FYI, have a look here: #153 (comment) to understand the issue-picking process of the competition.

Thanks for pointing me to that! I’ve gone through the comment and now understand the issue picking process. I’ll be sure to follow it properly for future contributions.

audit:
  runs-on: ubuntu-latest
  steps:
    - name: Checkout code
Member


Let's follow the current style of configuring CI jobs.

We usually keep a matrix of the versions such as Node.js for ease.

Have a look at the following reference and let's use the exact same style here as well.

Ref: https://github.com/asgardeo/javascript/blob/main/.github/workflows/pr-builder.yml#L18-L48

Author


ok. I have added the changes.

Follow the current style of configuring CI jobs as requested by reviewers:

- Use matrix strategy for Node.js versions for ease of maintenance
- Match the exact same style as reference pr-builder.yml workflow

Addresses reviewer feedback: "Lets follow the current style of configuring CI jobs.
We usually keep a matrix of the versions such as Node.js for ease."
TharakaUJ

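As an added illustration of the matrix-style job the reviewer asks for above (this is not the project's own pr-builder.yml, which is not reproduced on this page), a workflow that runs `npm audit` against each Node.js version in a matrix; the target branch, the Node.js versions and the `high` audit threshold are assumptions:

```yaml
# Added example: a matrix-style job running npm audit on every pull request.
# Assumptions (not taken from the project's pr-builder.yml): the target branch
# is "main", the Node.js versions are 18.x and 20.x, and failing on "high"
# severity and above is the desired threshold.
name: PR security audit

on:
  pull_request:
    branches: [main]

# Read-only token: the job only needs to check out and audit the code.
permissions:
  contents: read

jobs:
  audit:
    name: npm audit (Node.js ${{ matrix.node-version }})
    runs-on: ubuntu-latest
    strategy:
      # Let every matrix entry finish so reviewers see all results at once.
      fail-fast: false
      matrix:
        node-version: [18.x, 20.x]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: npm

      - name: Install dependencies
        # --ignore-scripts keeps untrusted install hooks from running in CI.
        run: npm ci --ignore-scripts

      - name: Audit dependencies
        # Exits non-zero (failing the PR check) when any advisory at or above
        # the chosen level is found; the full report stays in the job log.
        run: npm audit --audit-level=high
```

Drop `--ignore-scripts` only if a dependency genuinely needs its install hooks to build, and adjust `--audit-level` to the severity the team wants to block on.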

Successfully merging this pull request may close these issues.

ci: add security scanner to PR builder for NPM audit log