I am using npm audit in my GitLab CI. Everything works fine: I have a JSON file created with the list of the dependencies to update.
Now I want this pipeline to fail every time a dependency is outdated.
For other languages we have PHP/pip tools that make the pipeline fail.
Any idea?
image: "registry.gitlab.com/gitlab-org/security-products/analyzers/npm-audit:1.4.0"
stage: security-check
variables:
  TOOL: npm
script:
  - /analyzer run
artifacts:
  reports:
    dependency_scanning: gl-dependency-scanning-report.json
  paths:
    - gl-dependency-scanning-report.json
You can choose whether failures are allowed or not with the allow_failure option in your job.
You can add this to your security-check job as follows:
image: "registry.gitlab.com/gitlab-org/security-products/analyzers/npm-audit:1.4.0"
stage: security-check
variables:
  TOOL: npm
allow_failure: false
script:
  - /analyzer run
artifacts:
  reports:
    dependency_scanning: gl-dependency-scanning-report.json
  paths:
    - gl-dependency-scanning-report.json
There is also another tool here.
This tool offers environment variables that can be configured depending on the severity of the npm audit findings.
From the GitLab README linked above:
SCAN_EXIT_CODE - Will force a specific exit code in case a moderate, high or critical vulnerability is found. In case this is not set, exit code 1 will be used in the cases above, else 0.
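The severity-gated exit code described above, as an added example (not code from the GitLab analyzer or from the answer): it reads the `metadata.vulnerabilities` counts that `npm audit --json` emits and returns a configurable non-zero code when anything at or above a threshold is present. The sample report, the `AUDIT_LEVEL` variable name and the CI wiring in the comments are assumptions made here.

```javascript
// Severities in ascending order; the gate fails on anything at or above a threshold.
const SEVERITIES = ["info", "low", "moderate", "high", "critical"];

// Constructed sample of the metadata block that `npm audit --json` prints
// (real field names, made-up counts), standing in for a real audit.json.
const SAMPLE_AUDIT_JSON = JSON.stringify({
  metadata: {
    vulnerabilities: { info: 0, low: 2, moderate: 1, high: 0, critical: 0, total: 3 },
  },
});

// Sum the findings at or above `threshold`. An unknown threshold throws, so a
// typo in the CI variable fails the job instead of silently disabling the gate.
function countAtOrAbove(report, threshold) {
  const idx = SEVERITIES.indexOf(threshold);
  if (idx === -1) throw new Error(`unknown severity threshold: ${threshold}`);
  const counts = (report.metadata && report.metadata.vulnerabilities) || {};
  return SEVERITIES.slice(idx).reduce((sum, sev) => sum + (counts[sev] || 0), 0);
}

// Same contract as the SCAN_EXIT_CODE variable quoted in the answer: return
// `failCode` (default 1) when moderate-or-worse findings exist, otherwise 0.
function auditExitCode(auditJsonText, threshold = "moderate", failCode = 1) {
  const report = JSON.parse(auditJsonText);
  return countAtOrAbove(report, threshold) > 0 ? failCode : 0;
}

// Assumed wiring for the GitLab job (npm audit itself exits non-zero when it
// finds anything, so `|| true` keeps the report step from ending the job early):
//   script:
//     - npm audit --json > audit.json || true
//     - node -e "const g=require('./audit-gate.js');
//                process.exit(g.auditExitCode(require('fs').readFileSync('audit.json','utf8'),
//                                             process.env.AUDIT_LEVEL || 'moderate'))"
console.log(`sample report -> exit code ${auditExitCode(SAMPLE_AUDIT_JSON)}`); // 1
```

Raising `AUDIT_LEVEL` to `high` lets the sample pass, since its only moderate finding falls below the threshold.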