Security vulnerability scan #162
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Security vulnerability scan" | |
on: | |
schedule: | |
- cron: "55 2 * * *" | |
workflow_dispatch: | |
permissions: | |
contents: read | |
jobs: | |
# Job to handle the auditing of the code | |
# NPM audit is run on a 'fake' installation of the libraries | |
# Pulling in all the dependencies it will be able to run NPM AUDIT, and if that returns a | |
# error code the job will fail. | |
scan: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: Install | |
run: node common/scripts/install-run-rush.js install | |
- name: Build packages | |
run: node common/scripts/install-run-rush.js publish --include-all --pack --release-folder tgz --publish | |
- name: Start local NPM registry | |
run: node common/scripts/install-run-rush.js start-verdaccio # script will check for the ci variable and use built images | |
- name: Deploy scan project | |
run: | | |
mkdir -p audit | |
cd audit | |
npm init --yes | |
npm install --save --package-lock-only --registry http://localhost:4873 fabric-shim fabric-shim-api fabric-contract-api | |
- name: Scan | |
working-directory: audit | |
run: npm audit --omit=dev |