2e5ad3c2cf
* Creates an issue even if inputs.issue_labels is not given * 1.0.0 * Use v1.0.0 in example, daily scan
1.3 KiB
1.3 KiB
npm audit action
GitHub Action to run npm audit
If vulnerabilities are found by npm audit, it creates the following GitHub Issue.
Usage
Inputs
| Parameter | Required | Default Value | Description |
|---|---|---|---|
| issue_assignees | false | N/A | Issue assignees (separated by commma) |
| issue_labels | false | N/A | Issue labels (separated by commma) |
| issue_title | false | npm audit found vulnerabilities | Issue title |
| token | true | N/A | GitHub Access Token. ${{ secrets.GITHUB_TOKEN }} is recommended. |
Outputs
N/A
Example Workflow
name: npm audit
on: [push, pull_request]
# on:
# schedule:
# - cron: '0 10 * * *'
jobs:
scan:
name: npm audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: install dependencies
run: npm ci
- uses: oke-py/npm-audit-action@v1.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
issue_assignees: oke-py
issue_labels: vulnerability,test
This action is inspired by homoluctus/gitrivy.