Commit f9198216 authored by SBassett's avatar SBassett

* Add separate echo statements instead of newlines, which is apparently how...

* Add separate echo statements instead of newlines, which is apparently how this must be done in gitlab ci console output :/
* Add support for WM_APPSEC_NPM_AUDIT_OPTIONS variable to override default secteam npm audit options
parent b8605f6c
Pipeline #1384 passed with stage
in 46 seconds
......@@ -4,11 +4,17 @@ npm_audit_dependency_check:
allow_failure: false
variables:
# default secteam npm audit options
NPM_AUDIT_OPTIONS: "--moderate=true --skip-dev=true --report=true"
before_script:
- apt-get update -yqq && apt-get install -yqq git
- npm install -g audit-ci
- |
# check if alternative npm audit options were specified calling gitlab-ci.yml file
if [ -z "$WM_APPSEC_NPM_AUDIT_OPTIONS" ]; then
WM_APPSEC_NPM_AUDIT_OPTIONS=${NPM_AUDIT_OPTIONS}
fi
script:
- |
......@@ -21,14 +27,18 @@ npm_audit_dependency_check:
npm_dir="$(dirname "$f")"
cd $root_dir/$npm_dir
npm install --package-lock-only
echo -e "\n\n----- $f -----\n\n"
echo ""
echo "----- $f -----"
echo ""
set -e
EXIT_CODE=0
audit-ci ${NPM_AUDIT_OPTIONS} || EXIT_CODE=$?
audit-ci ${WM_APPSEC_NPM_AUDIT_OPTIONS} || EXIT_CODE=$?
TOTAL_EXIT_CODES=$(($TOTAL_EXIT_CODES + $EXIT_CODE))
done
if [ "$TOTAL_EXIT_CODES" -gt 0 ]; then
echo -e "\n\nAt least one package.json file contained vulnerable dependencies - please review.\n\n"
echo ""
echo "At least one package.json file contained vulnerable dependencies, please review."
echo ""
exit 1
fi
......
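Review bot: The `audit-ci ${WM_APPSEC_NPM_AUDIT_OPTIONS}` call in the second hunk now takes its options from a variable that, per the comment in `before_script`, the calling gitlab-ci.yml can set, so the audited project can relax the secteam defaults and the job log gives no sign of it. Print the effective value once before the loop, for example `echo "audit-ci options in effect: ${WM_APPSEC_NPM_AUDIT_OPTIONS}"`, so a reader of the pipeline output can tell an overridden run from a default one. The expansion is left unquoted so the options split into words, which also exposes it to pathname expansion; putting `set -f` before the call and `set +f` after it keeps the splitting and drops the globbing. The `script:` block starts and ends outside the visible hunks, so where `TOTAL_EXIT_CODES` is initialised cannot be checked from here.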