nna/npm-audit-action
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
24 Commits 1 Branch 2 Tags
dcb39c0a56ce19a69f9a005c2870381a8784b0a0
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Naoki Oketani dcb39c0a56 update @actions/github and @octokit/rest (#46)
2020-03-14 18:04:03 +09:00
__tests__
Correct test case
2019-12-14 21:08:54 +09:00
.github
update actions/checkout to v2 (#37)
2020-01-27 20:48:43 +09:00
@types/octokit
Open a GitHub Issue if vulnerabilities are found (#8)
2019-12-09 08:51:14 +09:00
dist
update @actions/github and @octokit/rest (#46)
2020-03-14 18:04:03 +09:00
src
update @actions/github and @octokit/rest (#46)
2020-03-14 18:04:03 +09:00
.editorconfig
setup repo & run npm audit (#1)
2019-12-08 22:10:35 +09:00
.eslintignore
Initial commit
2019-12-08 19:17:13 +09:00
.eslintrc.json
Set Issue labels by inputs & add unit test (#12)
2019-12-09 12:43:13 +09:00
.gitignore
Initial commit
2019-12-08 19:17:13 +09:00
.prettierignore
Initial commit
2019-12-08 19:17:13 +09:00
.prettierrc.json
Initial commit
2019-12-08 19:17:13 +09:00
action.yml
use GitHub context to branch processing (#22)
2019-12-13 12:18:28 +09:00
DEVELOPMENT.md
add unit test and cleanup (#28)
2019-12-13 16:09:10 +09:00
issue.png
Add image and example to README.md
2019-12-09 14:13:56 +09:00
jest.config.js
Initial commit
2019-12-08 19:17:13 +09:00
LICENSE
setup repo & run npm audit (#1)
2019-12-08 22:10:35 +09:00
package-lock.json
update @actions/github and @octokit/rest (#46)
2020-03-14 18:04:03 +09:00
package.json
update @actions/github and @octokit/rest (#46)
2020-03-14 18:04:03 +09:00
README.md
update actions/checkout to v2 (#37)
2020-01-27 20:48:43 +09:00
tsconfig.json
Initial commit
2019-12-08 19:17:13 +09:00

README.md

npm audit action

Coverage Status

GitHub Action to run npm audit

Feature

Create a Pull Request comment

If vulnerabilities are found by npm audit, Action triggered by PR creates a comment.

Create an Issue

If vulnerabilities are found by npm audit, Action triggered by push, schedule creates the following GitHub Issue.

image

Usage

Inputs

Parameter Required Default Value Description
issue_assignees false N/A Issue assignees (separated by commma)
issue_labels false N/A Issue labels (separated by commma)
issue_title false npm audit found vulnerabilities Issue title
token true N/A GitHub Access Token.
${{ secrets.GITHUB_TOKEN }} is recommended.

Outputs

N/A

Example Workflow

name: npm audit

on:
  pull_request:
  push:
    branches:
      - master
      - 'releases/*'
# on:
#   schedule:
#     - cron: '0 10 * * *'

jobs:
  scan:
    name: npm audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: install dependencies
        run: npm ci
      - uses: oke-py/npm-audit-action@v1.1.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          issue_assignees: oke-py
          issue_labels: vulnerability,test

This action is inspired by homoluctus/gitrivy.

Reference in New Issue View Git Blame Copy Permalink
Description
A scuffed port of npm-audit-action to Gitea-js
Readme MIT 6.1 MiB
Languages
TypeScript 91.9%
JavaScript 8.1%