Make the pipeline fail when npm audit flags dependencies
I am using npm audit on my GitLab CI, everything works fine, and I have a JSON created with the list of the dependencies to update.
Now, I want this pipeline to fail every time a dependency is outdated.
In other languages we have php/pip that make the pipeline fail.
Any idea?
image: "registry.gitlab.com/gitlab-org/security-products/analyzers/npm-audit:1.4.0"
stage: security-check
variables:
  TOOL: npm
script:
  - /analyzer run
artifacts:
  reports:
    dependency_scanning: gl-dependency-scanning-report.json
  paths:
    - gl-dependency-scanning-report.json
You can add the option for allowing failures or not with the allow_failure option in your job. You can add this to your security-check job with the following:
There is also another tool here
This tool offers environment variables that can be configured depending on the severity of the npm audit.
From the above GitLab README:
SCAN_EXIT_CODE - Will force a specific exit code in case a moderate, high or critical vulnerability is found.
In case this is not set, exit code 1 will be used in the cases above, else 0.
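The answer gates the job on the analyzer's exit code. As an added example (not code from the question, the answer, or GitLab's analyzer), here is a small Node script that gates the job on the severity counts in npm audit's own JSON output, failing closed when the report is malformed; the file name `audit-gate.js`, the job script lines, and the sample report are assumptions.

```javascript
'use strict';
// Added example, not from the original post: gate a GitLab job on the JSON
// that `npm audit --json` writes. Exits non-zero when any finding is at or
// above the chosen severity, so the job fails without needing allow_failure.
// Assumed job script (npm audit itself exits 1 on findings, hence `|| true`):
//   npm audit --json > audit.json || true
//   node audit-gate.js audit.json high

const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Constructed sample in the shape of the `metadata.vulnerabilities` block that
// `npm audit --json` emits (npm 6 and npm 7+ both carry these per-severity counts).
const SAMPLE_REPORT = {
  metadata: { vulnerabilities: { info: 0, low: 3, moderate: 2, high: 1, critical: 0, total: 6 } },
};

// Returns { exitCode, offending }: exitCode is 1 when any count at or above
// `threshold` is non-zero; `offending` maps those severities to their counts.
// Throws (fail closed) if the report lacks the counts, so a broken or empty
// audit output never passes the gate silently.
function evaluateAudit(report, threshold = 'moderate') {
  const min = SEVERITIES.indexOf(threshold);
  if (min < 0) throw new Error(`unknown severity threshold: ${threshold}`);
  const counts = report && report.metadata && report.metadata.vulnerabilities;
  if (!counts || typeof counts !== 'object') {
    throw new Error('audit report has no metadata.vulnerabilities block');
  }
  const offending = {};
  for (const sev of SEVERITIES.slice(min)) {
    const n = Number(counts[sev]) || 0;
    if (n > 0) offending[sev] = n;
  }
  return { exitCode: Object.keys(offending).length > 0 ? 1 : 0, offending };
}

// Reads a saved `npm audit --json` report from disk and evaluates it.
function gateFile(path, threshold) {
  const { readFileSync } = require('fs');
  return evaluateAudit(JSON.parse(readFileSync(path, 'utf8')), threshold);
}

if (process.argv[2]) {
  // CI mode: argv[2] is the report path, argv[3] the optional threshold.
  const result = gateFile(process.argv[2], process.argv[3]);
  console.log(result.exitCode ? `FAIL: ${JSON.stringify(result.offending)}` : 'OK: nothing at or above threshold');
  process.exitCode = result.exitCode; // a non-zero exit code fails the job
} else {
  // No arguments: show the gate on the constructed sample without failing.
  console.log('demo on constructed sample (threshold high):', evaluateAudit(SAMPLE_REPORT, 'high'));
}
```

npm audit itself already exits non-zero whenever it finds any vulnerability, and its `--audit-level` flag lets you raise that bar directly; the script is useful when you want the severity gate separated from the report-generating step.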