Skip to content

G
gitlab-ce
Commit 0ebf0c4f authored by Dennis Appelt's avatar Dennis Appelt Committed by Rémy Coutable
Browse files
Options

Add Yarn Audit CI Job

parent 3df3912b
Hide whitespace changes
Inline Side-by-side
Showing with 14 additions and 0 deletions
.gitlab/ci/reports.gitlab-ci.yml
View file @ 0ebf0c4f
......@@ -96,6 +96,13 @@ retire-js-dependency_scanning:
gemnasium-python-dependency_scanning:
rules: !reference [".reports:rules:gemnasium-python-dependency_scanning", rules]
yarn-audit-dependency_scanning:
extends: .ds-analyzer
image: "registry.gitlab.com/gitlab-org/security-products/analyzers/npm-audit:1.4.0"
variables:
TOOL: yarn
rules: !reference [".reports:rules:yarn-audit-dependency_scanning", rules]
# Analyze dependencies for malicious behavior
# See https://gitlab.com/gitlab-com/gl-security/security-research/package-hunter
.package_hunter-base:
......
.gitlab/ci/rules.gitlab-ci.yml
View file @ 0ebf0c4f
......@@ -167,6 +167,7 @@
.nodejs-patterns: &nodejs-patterns
- '{package.json,*/package.json,*/*/package.json}'
- '{yarn.lock,*/yarn.lock,*/*/yarn.lock}'
.python-patterns: &python-patterns
- '{requirements.txt,*/requirements.txt,*/*/requirements.txt}'
......@@ -1483,6 +1484,12 @@
when: never
- changes: *python-patterns
.reports:rules:yarn-audit-dependency_scanning:
rules:
- if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/'
when: never
- changes: *nodejs-patterns
.reports:rules:schedule-dast:
rules:
- if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/'
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7