updating security scanning

mountain-pass · Nov 25, 2020 · 8f40c75 · 8f40c75
1 parent de9023b
commit 8f40c75
Show file tree

Hide file tree

Showing 4 changed files with 2,455 additions and 136 deletions.
diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml
@@ -129,13 +129,25 @@ jobs:
 
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@master
-    - name: Run Snyk to check for vulnerabilities
-      uses: snyk/actions/node@master
-      env:
-        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+    - uses: actions/checkout@v2
+
+    - name: Cache NPM dependencies
+      uses: actions/cache@v1
+      with:
+        path: |
+           ~/.npm
+           node_modules
+        key: ${{ runner.OS }}-npm-cache-${{ hashFiles('**/package-lock.json') }}
+        restore-keys: |
+          ${{ runner.OS }}-npm-cache-
+
+    - name: Use Node.js 12.x
+      uses: actions/setup-node@v1
       with:
-        args: "--dev --fail-on=upgradable"
+        node-version: 12.x
+    - run: npm config set script-shell $(which bash)
+    - run: npm ci
+    - run: npm run security
 
   build:
     if: "! contains(toJSON(github.event.commits.*.message), '[skip-ci]')"

diff --git a/.snyk b/.snyk
@@ -0,0 +1,4 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+ignore: {}
+patch: {}