Trigger pipeline to terminate on identification of dependencies by npm audit


I'm currently using npm audit in my GitLab CI pipeline, and it's working well. I have a JSON file that lists the dependencies needing updates.
Now, I'd like the pipeline to fail whenever a dependency is outdated.
In other languages, such as PHP or Pip, there are ways to force the pipeline to fail.
Any suggestions on how to achieve this?

  image: "registry.gitlab.com/gitlab-org/security-products/analyzers/npm-audit:1.4.0"
  stage: security-check
  variables:
    TOOL: npm
  script:
    - /analyzer run
  artifacts:
    reports:
      dependency_scanning: gl-dependency-scanning-report.json
    paths:
      - gl-dependency-scanning-report.json
javascriptnpmdependenciesaudit

Answer №1

To include the option to allow or disallow failures, you can utilize the allow_failure setting in your job configuration.

You can integrate this feature into your security validation task by including the following code snippet:

  image: "registry.gitlab.com/gitlab-org/security-products/analyzers/npm-audit:1.4.0"
  stage: security-check
  variables:
    TOOL: npm
  allow_failure: false
  script:
    - /analyzer run
  artifacts:
    reports:
      dependency_scanning: gl-dependency-scanning-report.json
    paths:
      - gl-dependency-scanning-report.json

An additional tool can be found here

This tool provides customizable environment variables based on the severity of npm audit findings.

According to Gitlab's documentation:

SCAN_EXIT_CODE - Specifies a specific exit code for moderate, high, or critical vulnerabilities discovered. If not defined, exit code 1 will apply in such scenarios, otherwise 0 will be used.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

creating alternate npm command shortcuts for a single npm script

Is there a way to set up multiple aliases or command names for the same npm scripts in package.json? For example, I want to achieve the following: when a user runs either npm run cmd1 or npm run cmd2, the same action should occur. Here is an example of h ...

node.jsnpm

Encountering an Uncaught TypeError when attempting to read properties of undefined, specifically 'backdrop', while incorporating a bootstrap 5 modal within a react environment

An issue occurred when attempting to display a Bootstrap 5 modal using JavaScript. const handleClick = (e) => { e.preventDefault(); const modalElement = document.getElementById('editUserModal'); const modal = Modal.getOrCreateInsta ...

javascriptreactjsbootstrap-5bootstrap5-modal

Creating a registration and authentication system using firebase

When using Google authentication with Firebase, is the Signup and Login logic the same? I am creating a page for user authentication but I'm unsure if I should have separate pages for signing up and logging in. This confusion arises from the fact that ...

javascriptreactjsnext.jsfirebase-authentication

What changes occurred to module file names following the process of minification?

I'm currently troubleshooting an issue with this particular code snippet: import globalComponents from './global-components'; // ... globalComponents.forEach((component) => { // eslint-disable-next-line no-underscore-da ...

javascriptvue.jswebpackmodulenode-modules

How can we effectively share code between server-side and client-side in Isomorphic ReactJS applications?

For a small test, I am using express.js and react.js. Below you can find my react code: views/Todo.jsx, var React = require('react'); var TodoApp = React.createClass({ getInitialState: function() { return { counter: 0 ...

javascriptnode.jsexpressreactjsisomorphic

Create queries for relays in a dynamic manner

I'm using Relay Modern for my client GraphQL interface and I am curious to know if it is possible to dynamically generate query statements within Relay Modern. For example, can I change the original query structure from: const ComponentQuery = graphq ...

javascriptreactjsgraphqlrelayjs

Firestore/Javascript error: FirebaseError - The data provided is invalid for the DocumentReference.set() function. An unsupported field value of 'undefined'

I keep encountering this error Error creating user: FirebaseError: Function DocumentReference.set() called with invalid data. Unsupported field value: undefined (found in field diabetesComplication) After some investigation, I realized that the iss ...

javascriptarraysjsongoogle-cloud-firestore

Randomly undefined custom jQuery function

Appreciate your assistance in advance. I am facing a peculiar scope issue on a page where multiple charts are rendered intermittently. I have created a set of jQuery functions to display different types of charts based on the provided options. Each funct ...

javascriptjqueryajax

When the onChange event is triggered, the current value in my text input field disappears in React

Just starting out with Reactjs and I'm working on creating a page where users can edit their own posts. Currently, when I try to modify the existing text in the text input, the form gets cleared and the user has to re-enter the data. This is not the b ...

javascriptreactjs

Is there a way for me to adjust the typography background based on its current status?

Is there a way to dynamically adjust the background color of text based on the status value? Currently, when the status is pending, the background color defaults to yellow. For example, if the status changes to complete, I want the background color to ch ...

javascriptreactjsmaterial-uimern

Using AngularJS to Send Elements to Scripts and Selectors

When I use the following template: <div id="container"> <textarea name="message"></textarea> <button value="send" ng-click="testMethod($parent)"> </div> In the JavaScript code: $scope.testMethod = function(element) ...

javascriptangularjs

Show concealed content for individuals who do not have javascript enabled

One of the challenges I faced was creating a form with a hidden div section that only appears when a specific element is selected from a list. To achieve this, I utilized CSS to set the display property of the div to 'none' and then used jQuery t ...

javascripthtmlcss

Preserving intricate nesting in a Mongoose schema

I've encountered a problem when trying to save nested subdocuments - I'm not certain if it's because they're not in an array or some other reason. The docs suggest that nested objects should be auto-saved, but that doesn't seem to ...

javascriptnode.jsmongoose

Troubleshooting: AngularJS not displaying $scope variables

I have a question that has already been answered, but the suggested solutions did not work for me. Everything seems to be fine, but the content within curly brackets is not displaying on screen. <div ng-controller="Hello"> <p>The I ...

javascriptangularjs

Determining If Props Have Been Undefined In React

Greetings and thank you for taking the time to read this: I am currently working through a tutorial that can be found here: My issue lies in the creation of an author, where the application is trying to load the URL of the current author's ID, which ...

javascriptreactjs

Can the `XMLHttpRequest` object stay active when the user switches to a different page?

I am currently facing an issue on my website where users can submit a form using AJAX. The response is displayed in an alert indicating whether the submission was successful or if there were any issues. However, due to the asynchronous nature of this proce ...

javascriptajaxscopexmlhttprequest

Determine the duration/length of an audio file that has been uploaded to a React application

I am working on a React web application built with create-react-app that allows users to upload songs using react-hook-forms. The uploaded songs are then sent to my Node/Express server via axios. I want to implement a feature that calculates the length of ...

javascriptreactjsaudiofile-uploadmp3

Despite setting allowHalfOpen to True, Node.js: Client still disconnects from Server

I've been working on a Node.js script that involves creating a server if a specific port is available, or connecting to an existing server if the port is already in use. To achieve this, I am using a recursive approach based on a reference from this l ...

javascriptnode.jssocketsserverclient

How can you use jQuery to select and manipulate a wildcard href ID?

There are multiple links listed below: <a href="http://www.google.com" id="link01">Google</a> <a href="http://www.yahoo.com" id="link02">Yahoo</a> <a href="http://www.cnn.com" id="link03">CNN</a> <a href="http://www. ...

phpjavascriptjqueryhtml

The functionality of Ajax autocomplete with jQuery does not function properly when the text field contains existing text

Currently, I am utilizing Ajax autocomplete for jquery in my project. Below is the HTML code snippet I have implemented: <input type="text" name="autocomplete" id="globalBCCAutoComplete"> Furthermore, here is the JS code utilized for the autocomple ...

javascriptjqueryhtmlajaxautocomplete