vuu/.github/workflows/cve-scanning-node.yml at c9f502ab4883f72164e601e1c74cc99f878f4db8 · finos/vuu · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
name: Node CVE Scanning

on:
  push:
    paths:
      - "**/package.json"
      - ".github/workflows/cve-scanning-node.yml"
      - "vuu-ui/allow-list.xml"

jobs:

  node-modules-scan:
    runs-on: ubuntu-latest

    env:
      OSS_INDEX_USERNAME: ${{ secrets.OSS_INDEX_USERNAME }}
      OSS_INDEX_API_KEY: ${{ secrets.OSS_INDEX_API_KEY }}

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Set up Node
        uses: actions/setup-node@v3
        with:
          node-version: 20.x

      - name: Build project with NPM
        run: npm install --omit=dev
        working-directory: vuu-ui

      - name: Depcheck
        if: ${{ env.OSS_INDEX_USERNAME != '' && env.OSS_INDEX_API_KEY != '' }}
        uses: dependency-check/Dependency-Check_Action@1b5d19fd4a32ff0ff982e8c9d8e27dbf7ac8a46c
        id: Depcheck
        with:
          project: 'vuu-ui'
          path: 'vuu-ui'
          format: 'HTML'
          out: 'reports'
          args: >
            --ossIndexUsername ${{ env.OSS_INDEX_USERNAME }}
            --ossIndexPassword ${{ env.OSS_INDEX_API_KEY }}
            --suppression allow-list.xml
            --nodeAuditSkipDevDependencies
            --nodePackageSkipDevDependencies
            --failOnCVSS 7
            --enableRetired

      - name: Upload Test results
        if: ${{ always() }}
        uses: actions/upload-artifact@v4
        with:
          name: Depcheck report
          path: ${{ github.workspace }}/reports