Check npm vulnerabilities

In this tutorial, you will create a CDS Workflow with the Web UI that checks a JavaScript project for vulnerabilities.

  • Create a workflow using one pipeline
  • You will discover the npm-audit-parser plugin action, which parses the npm audit report

1 - Create your CDS project

Let’s create a project. On the top navbar, click on ‘Create a project’.


2 - Add a repository manager on your project

The project is now created; you now have to link a repository manager. Make sure a repository manager such as GitHub, Bitbucket Server or GitLab is set up on your CDS instance.


You’ve got a project, linked to GitHub. Let’s create an application.

A CDS Application holds the link to a Git repository.


4 - Create the workflow

version: v1.0
name: check-node-vulnerabilities
jobs:
- job: New Job
  steps:
  - checkout: '{{.cds.workspace}}'
  # install dependencies without the inline audit; the dedicated step below
  # produces the JSON report instead
  - script:
    - npm install --no-audit
  # npm audit exits non-zero when it finds vulnerabilities; marking the step
  # optional keeps the job running so the report can still be parsed
  - optional: true
    script:
    - npm audit --json > report.json
  - plugin-npm-audit-parser:
      file: report.json
  requirements:
  - binary: git
  - binary: npm
  - plugin: plugin-npm-audit-parser
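The plugin-npm-audit-parser step reads the report.json produced by `npm audit --json`. The following Node script, added here as an illustration and not the plugin's own source, shows what such a parse involves: it accepts both report shapes npm has emitted (the `auditReportVersion: 2` layout of npm 7 and later, and the older `advisories` layout of npm 6), counts findings per severity and applies a threshold you could use to fail a job. The package names, advisory titles and `example.invalid` URLs in the two sample reports are constructed for the example.

```javascript
// Added example (not the plugin's code): parse an `npm audit --json` report,
// count findings per severity and decide whether a job should be failed.
// Handles both report shapes npm has emitted:
//   - auditReportVersion 2 (npm 7 and later): "vulnerabilities" keyed by package
//   - the npm 6 shape: "advisories" keyed by advisory id
const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

function parseAuditReport(jsonText) {
  const report = JSON.parse(jsonText);
  const findings = [];

  if (report.vulnerabilities && typeof report.vulnerabilities === 'object') {
    // npm 7+: one entry per vulnerable package. "via" mixes advisory objects
    // (the package itself is vulnerable) with package-name strings (it is
    // vulnerable only through a dependency); keep the advisory objects.
    for (const [pkg, v] of Object.entries(report.vulnerabilities)) {
      const advisories = (v.via || []).filter((x) => typeof x === 'object');
      findings.push({
        package: pkg,
        severity: v.severity,
        range: v.range,
        direct: Boolean(v.isDirect),
        // fixAvailable is false, true, or an object describing the fix
        fixAvailable: Boolean(v.fixAvailable),
        titles: advisories.map((a) => a.title),
      });
    }
  } else if (report.advisories && typeof report.advisories === 'object') {
    // npm 6: one entry per advisory; a path without '>' is a direct dependency
    for (const a of Object.values(report.advisories)) {
      const paths = (a.findings || []).flatMap((f) => f.paths || []);
      findings.push({
        package: a.module_name,
        severity: a.severity,
        range: a.vulnerable_versions,
        direct: paths.some((p) => !p.includes('>')),
        // npm 6 marks "no fix" with the empty range "<0.0.0"
        fixAvailable: Boolean(a.patched_versions) && a.patched_versions !== '<0.0.0',
        titles: [a.title],
      });
    }
  } else {
    throw new Error('unrecognised npm audit report format');
  }

  const counts = Object.fromEntries(SEVERITY_ORDER.map((s) => [s, 0]));
  for (const f of findings) {
    if (!(f.severity in counts)) throw new Error(`unknown severity: ${f.severity}`);
    counts[f.severity] += 1;
  }
  return { findings, counts };
}

// True when no finding is at or above `threshold`, e.g. 'high'.
function passesThreshold(summary, threshold) {
  const min = SEVERITY_ORDER.indexOf(threshold);
  if (min < 0) throw new Error(`unknown threshold: ${threshold}`);
  return summary.findings.every((f) => SEVERITY_ORDER.indexOf(f.severity) < min);
}

// One line per finding plus the per-severity totals, for the job log.
function formatSummary(summary) {
  const lines = summary.findings.map((f) =>
    `${f.severity.padEnd(8)} ${f.package}@${f.range}` +
    ` direct=${f.direct} fix=${f.fixAvailable} ${f.titles.join('; ')}`);
  const totals = SEVERITY_ORDER.map((s) => `${s}=${summary.counts[s]}`).join(' ');
  return lines.concat([`totals: ${totals}`]).join('\n');
}

// Constructed sample in the npm 7+ shape; packages and advisories are made up.
const SAMPLE_REPORT_V2 = JSON.stringify({
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': {
      name: 'example-parser', severity: 'high', isDirect: false, range: '<2.0.0',
      via: [{ name: 'example-parser', title: 'Constructed: prototype pollution',
              url: 'https://example.invalid/advisory/1', severity: 'high', range: '<2.0.0' }],
      effects: ['example-server'], fixAvailable: true,
    },
    'example-server': {
      name: 'example-server', severity: 'high', isDirect: true, range: '<=1.4.0',
      via: ['example-parser'], effects: [],
      fixAvailable: { name: 'example-server', version: '1.5.0', isSemVerMajor: false },
    },
    'example-logger': {
      name: 'example-logger', severity: 'low', isDirect: true, range: '<0.9.1',
      via: [{ name: 'example-logger', title: 'Constructed: regular expression DoS',
              url: 'https://example.invalid/advisory/2', severity: 'low', range: '<0.9.1' }],
      effects: [], fixAvailable: false,
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 2, critical: 0, total: 3 } },
});

// Constructed sample in the npm 6 shape for the same parser advisory.
const SAMPLE_REPORT_V1 = JSON.stringify({
  advisories: {
    '1': { id: 1, title: 'Constructed: prototype pollution', module_name: 'example-parser',
           severity: 'high', vulnerable_versions: '<2.0.0', patched_versions: '>=2.0.0',
           url: 'https://example.invalid/advisory/1',
           findings: [{ version: '1.3.0', paths: ['example-server>example-parser'] }] },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 0, high: 1, critical: 0 } },
});

const summary = parseAuditReport(SAMPLE_REPORT_V2);
console.log(formatSummary(summary));
console.log(passesThreshold(summary, 'high') ? 'PASS' : 'FAIL: findings at or above high');
```

To run it against the report the workflow produces, read report.json with `fs.readFileSync` and pass the text to `parseAuditReport`; the `optional: true` on the audit step matters here, because the report is only useful if the job reaches the parsing step even when npm audit exits non-zero.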

5 - Run Workflow

The workflow is now ready to be launched.


6 - Application vulnerability

If the workflow has been launched on the default branch of your repository, the vulnerabilities are also attached to the CDS application.
