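---
# Use this template to audit an npm project for security vulnerabilities with JFrog Xray.
# The `jf audit` command works as follows:
#
# 1. It creates a dependency tree for the project, including the direct and indirect (transitive) dependencies
# 2. Scans the dependency tree with JFrog Xray
# 3. Displays the vulnerabilities found
#
# To create the dependency tree, the command expects the dependencies to be present on the local agent.
# To ensure that, the `jf npm install` command is executed before the `jf audit` command.
#
# Requirements:
# Configure the 'ARTIFACTORY_REMOTE_REPO' variable with the npm repository in JFrog Artifactory
# from which the dependencies can be resolved.
#
# Supply-chain notes for reviewers:
# - The `include: remote:` entry below is fetched from releases.jfrog.io when the pipeline is
#   created; "v2" is a release channel in the URL, not an immutable pin, so the setup/cleanup
#   steps can change without a change to this file. Vendor a reviewed copy (or pin to a fixed
#   release path if one is published) when that drift is unacceptable.
# - `node:16` is a mutable tag (and Node 16 is past upstream end-of-life). Pin the image by
#   digest, or move to a supported LTS tag, for reproducible audit results.
# - Any credential variables consumed by the included `.setup_jfrog` job should be marked
#   masked/protected in the project's CI settings so they do not appear in job logs.

default:
  image: node:16

include:
  - remote: "https://releases.jfrog.io/artifactory/jfrog-cli/gitlab/v2/.setup-jfrog-unix.yml"
  # For Windows agents:
  # - remote: "https://releases.jfrog.io/artifactory/jfrog-cli/gitlab/v2/.setup-jfrog-windows.yml"

jfrog-npm-audit:
  script:
    # `!reference` is a GitLab CI tag that splices the `script` list of the hidden
    # `.setup_jfrog` job defined in the remote include above.
    - !reference [.setup_jfrog, script]
    # Configure JFrog Artifactory repositories. The variable is quoted so that an
    # unset or whitespace-containing value is passed as a single (possibly empty)
    # argument instead of being word-split by the shell.
    - jf npmc --repo-resolve "$ARTIFACTORY_REMOTE_REPO"
    # Ensure the project dependencies are present locally
    - jf npm install
    # Audit npm project. A non-zero exit here fails the job, which is the intended
    # gating behaviour for a security audit stage.
    - jf audit
  after_script:
    # Cleanup. In GitLab CI, `after_script` runs even when `script` fails, so the
    # configuration written by `.setup_jfrog` is removed from the runner in both cases.
    - !reference [.cleanup_jfrog, script]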