test: utilise Secvisogram for validation

Signed-off-by: Rifa Achrinza <[email protected]>

Author: achrinza

.github/workflows/ci.yaml

@@ -11,12 +11,16 @@ jobs:
     steps:
       - uses: actions/checkout@v2
         with:
-          submodules: true
+          submodules: recursive
       - uses: actions/setup-node@v2
         with:
           node-version: 16
-      - name: Install tools
-        run: npm ci --ignore-scripts
+      - name: Install dependencies
+        run: |
+          npm ci --ignore-scripts
+          npm run-script --ignore-scripts install
+      - name: Build project
+        run: npm run --ignore-scripts build
       - name: Run code lint
         run: |
           npm run-script --ignore-scripts prettier:check
@@ -35,4 +39,4 @@ jobs:
       - name: Install tools
         run: npm ci --ignore-scripts
       - name: Run commit lint
-        run: npx commitlint --from=origin/main --to=HEAD --verbose
+        run: npx --no-install commitlint --from=origin/main --to=HEAD --verbose

README.md

@@ -9,3 +9,12 @@ about the LoopBack project. It includes the following:
 - PGP Keys ([`keys/`](keys/README.md))
 - Scripts ([`scripts/`](scripts/README.md))
 - Vendors ([`vendors/`](vendors/README.md))
+
+## Cloning This Repository
+
+To clone this Git repository:
+
+```
+git clone [email protected]:loopbackio/security.git
+git submodule update --recursive
+```

advisories/README.md

@@ -5,8 +5,8 @@
 > advisories.
 
 This section of the Git repository is where all LBSAs are stored. They are
-written as
-[CSAF 2.0](https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html) documents.
+written as [CSAF 2.0](https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html)
+documents.
 
 The naming convention is as follows:
 
@@ -23,25 +23,26 @@ Where:
 ## Scripts
 
 Validation of the CSAF 2.0 documents are done by
-<../scripts/advisories/validate-csaf20.ts>. This is triggered automatically during
-a Git commit, and as part of the [CI pipeline](../.github/workflows/ci.yaml). It
-can also be triggered by running `npm run validate-csaf20`.
+<../scripts/advisories/validate-csaf20.ts>. This is triggered automatically
+during a Git commit, and as part of the
+[CI pipeline](../.github/workflows/ci.yaml). It can also be triggered by running
+`npm run validate-csaf20`.
 
 ## Vendors
 
-This section depends on [Secvisogram](../vendors/README.md#submodules) for its
-ports of JSON Schemas from Draft-04 (No first-class AJV support) to Draft-2019,
-and for a strict variant of CSAF 2.0 JSON Schema. There are plans to utilise the
-other parts of the codebase for more thorough validation.
+This section depends on [Secvisogram](../vendors/README.md#submodules) for
+validation, its ports of JSON Schemas from Draft-04 (No first-class AJV support)
+to Draft-2019, and for a strict variant of CSAF 2.0 JSON Schema. There are plans
+to utilise the other parts of the codebase for more thorough validation.
 
 ## Dependents
 
 There's current no known dependents on these CSAF 2.0 documents. However, there
 are future plans to add integration:
 
-| Integration | Status
-|-|-
-| Generation of security advisories on [loopback.io website](https://loopback.io/doc/en/sec/index.html) | Planned
-| Publishing as a CSAF Provider through csaf.data.loopback.io | Planned
-| Down-conversion and publication of CVRF 1.2 | Planned
-| Sync with Gitlab Advisory Database | Planned
+| Integration                                                                                           | Status  |
+| ----------------------------------------------------------------------------------------------------- | ------- |
+| Generation of security advisories on [loopback.io website](https://loopback.io/doc/en/sec/index.html) | Planned |
+| Publishing as a CSAF Provider through csaf.data.loopback.io                                           | Planned |
+| Down-conversion and publication of CVRF 1.2                                                           | Planned |
+| Sync with Gitlab Advisory Database                                                                    | Planned |