/ci-action

The official GitHub action of the @nodesecure/ci package

Primary LanguageJavaScriptMIT LicenseMIT

NodeSecure CI Action

version Maintenance OpenSSF Scorecard mit build

@nodesecure/ci brings together a set of tools to identify dependencies vulnerabilities and track most common malicious code and patterns.

Please refer to the @nodesecure/ci documentation to see more about the project.

Usage

Add to an existing Workflow

Simply add this action to your workflow

uses: NodeSecure/ci-action@v1

Add a new dedicated Workflow

Here's a sample complete workflow you can add to your repositories:

.github/workflows/nodesecure.yml

name: "NodeSecure Continuous Integration"
on: [push]

jobs:
  validation:
    name: "Analysis"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: NodeSecure/ci-action@v1
        with:
            strategy: npm
            vulnerabilities: medium
            warnings: off
            reporters: console

Contributors ✨

All Contributors

Thanks goes to these wonderful people (emoji key):


Antoine
💻
Gentilhomme
🚧 👀

License

MIT