Skip to content

CVE Scanning for Node.js #336

CVE Scanning for Node.js

CVE Scanning for Node.js #336

name: CVE Scanning for Node.js
on:
schedule:
- cron: '0 8,18 * * 1-5'
pull_request:
paths:
- 'package.json'
- 'package-lock.json'
- 'allow-list.json'
- '.github/workflows/cve-scanning-node.yml'
jobs:
scan:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [16.x]
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
- run: npm ci --prod
- run: npx --yes auditjs ossi --whitelist allow-list.json