
Merge pull request #1308 from ericcornelissen/renovate/actionlint-1.x #744


Workflow file for this run

# Audit workflow: runs three independent jobs that audit npm deprecation
# warnings, the container image, and the npm dependency tree. The audits
# themselves live in Makefile targets that are not shown in this file.
name: Audit

on:
  # On pull requests, run only when one of the files listed below changes.
  pull_request:
    paths:
      - .github/workflows/audit-dev.yml
      - .grype.yml
      - .ndmrc
      - .syft.yml
      - .tool-versions
      - Containerfile
      - package-lock.json
  push:
    branches:
      - main
  # Daily at 03:00 (GitHub evaluates cron schedules in UTC), independent of
  # any code change.
  schedule:
    - cron: '0 3 * * *'
  # Allow manual runs; no inputs are defined.
  workflow_dispatch: null

# The workflow token gets read access on every scope and write access on none.
# NOTE(review): the steps visible here only check out the repository; if the
# Makefile targets need no other scope, `contents: read` would be narrower.
# Confirm against the Makefile before changing.
permissions: read-all

jobs:
  deprecations:
    name: Deprecations
    runs-on: ubuntu-24.04
    steps:
      # Third-party actions are referenced by full commit SHA; the trailing
      # comment records the release tag that SHA corresponds to.
      - name: Checkout repository
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          # Keep the token out of the local git config so later steps
          # cannot reuse it through git.
          persist-credentials: false
      - name: Install Node.js
        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: .nvmrc
          cache: npm
      - name: Audit all deprecation warnings
        run: make audit-deprecations-npm

  image:
    name: Image
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout repository
        # The step id lets the upload step below read this step's outputs.
        id: checkout
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
      - name: Install asdf
        uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302 # v4.0.0
      # NOTE(review): unlike the SHA-pinned actions, this plugin source is
      # added by repository URL with no commit or tag specified. Confirm
      # that is acceptable for this pipeline's supply-chain policy.
      - name: Configure asdf plugins
        run: |
          asdf plugin add diffoci https://github.com/ericcornelissen/asdf-diffoci
      - name: Install tooling
        uses: asdf-vm/actions/install@1902764435ca0dd2f3388eea723a4f92a4eb8302 # v4.0.0
      - name: Audit dependencies in container image
        run: make audit-vulnerabilities-image
      - name: Upload SBOM and vulnerability scan
        # Runs whether the earlier steps passed or failed, so the scan output
        # is kept when the audit itself fails; skipped only on cancellation.
        if: ${{ failure() || success() }}
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          # Artifact name carries the commit reported by the checkout step.
          name: container-scan-${{ steps.checkout.outputs.commit }}
          path: |
            sbom-syft.json
            vulns.json
          # Fail the step instead of silently uploading nothing.
          if-no-files-found: error

  npm:
    name: npm
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout repository
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false
      - name: Install Node.js
        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version-file: .nvmrc
          cache: npm
      - name: Audit all npm dependencies
        run: make audit-vulnerabilities-npm