Skip to content
CVE Scanning for Node.js

Merge pull request #2047 from finos/renovate/patch-updates #777

Sign in to view logs

Merge pull request #2047 from finos/renovate/patch-updates

Merge pull request #2047 from finos/renovate/patch-updates #777

Workflow file for this run

.github/workflows/cve-scanning-node.yml at e4b4429
name: CVE Scanning for Node.js
permissions:
contents: read
id-token: write
on:
workflow_dispatch:
schedule:
- cron: "0 8,18 * * 1-5"
push:
paths:
- "**/package.json"
- "**/package-lock.json"
- ".github/workflows/node-cve-ignore-list.xml"
- ".github/workflows/cve-scanning-node.yml"
pull_request:
paths:
- "**/package.json"
- "**/package-lock.json"
- ".github/workflows/node-cve-ignore-list.xml"
- ".github/workflows/cve-scanning-node.yml"
jobs:
node-modules-scan:
name: ${{ matrix.module-folder }}-node-scan
runs-on: ubuntu-latest
environment:
name: code-scan
continue-on-error: false
strategy:
matrix:
module-folder: ["cli", "docs", "shared"]
steps:
- name: Checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
- name: Set up Node
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
with:
node-version: 22
- name: Build project with NPM
run: npm install --omit=dev --ignore-scripts
working-directory: ${{ matrix.module-folder }}
- name: Depcheck
uses: dependency-check/Dependency-Check_Action@main
id: Depcheck
with:
project: "${{ matrix.module-folder }}"
path: "${{ matrix.module-folder }}"
format: "HTML"
out: "${{ matrix.module-folder }}-reports"
args: >
--suppression .github/node-cve-ignore-list.xml
--nodeAuditSkipDevDependencies
--nodePackageSkipDevDependencies
--failOnCVSS 5
--enableRetired
--ossIndexUsername ${{ vars.OSS_INDEX_USERNAME }}
--ossIndexPassword ${{ vars.OSS_INDEX_PASSWORD }}
- run: |
echo `echo UPNAME=${{matrix.module-folder}} | tr '/' '-'` >> $GITHUB_ENV
shell: bash
- name: Upload Test results
if: ${{ always() }}
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
with:
name: Depcheck report ${{ env.UPNAME }}
path: ${{ github.workspace }}/${{ matrix.module-folder }}-reports