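# Runs `npm audit` against the lockfile on pull requests, manual dispatch and
# pushes to master / release branches, and reports findings as issues.
name: npm audit

on:
  pull_request:
  workflow_dispatch:
  push:
    branches:
      - master
      - 'releases/*'
# Disabled daily run (10:00). To enable it, move `schedule:` under the
# existing `on:` mapping above. A second top-level `on:` key would be a
# duplicate, and most parsers silently keep only the last one.
# on:
#   schedule:
#     - cron: '0 10 * * *'

jobs:
  scan:
    name: npm audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the job token in
          # .git/config where code executed during the install could read it.
          persist-credentials: false
      - name: Setup Node.JS
        uses: actions/setup-node@v4
        with:
          node-version: 20
      - name: install dependencies
        # This job also runs for pull requests, so the dependency tree is
        # contributor-controlled. --ignore-scripts still populates node_modules
        # from the lockfile but skips package lifecycle scripts; an audit does
        # not need them. Drop the flag only if a later step needs built modules.
        run: npm ci --ignore-scripts
      # NOTE(review): `@v1` is a mutable tag on an external repository, and
      # this step receives the workflow token. Pinning to a reviewed full
      # commit SHA keeps a retagged release from changing what runs here.
      - uses: https://hazzy.nonamesoft.xyz/nna/npm-audit-action@v1
        with:
          audit_level: moderate
          # Presumably used by the action to open and deduplicate issues (see
          # the issue_* inputs below). Confirm the token carries no more scope
          # than that.
          github_token: ${{ secrets.GITHUB_TOKEN }}
          issue_assignees: ghostfox
          issue_labels: vulnerability,test
          dedupe_issues: true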