Bulk Transfers API and notifications.
Swagger API location
We use npm-audit-resolver along with npm audit to check dependencies for node vulnerabilities, and keep track of resolved dependencies with an audit-resolve.json file.
To start a new resolution process, run:
npm run audit:resolveYou can then check to see if the CI will pass based on the current dependencies with:
npm run audit:checkAnd commit the changed audit-resolve.json to ensure that CircleCI will build correctly.
As part of our CI/CD process, we use anchore-cli to scan our built docker container for vulnerabilities upon release.
If you find your release builds are failing, refer to the container scanning in our shared Mojaloop CI config repo. There is a good chance you simply need to update the mojaloop-policy-generator.js file and re-run the circleci workflow.
For more information on anchore and anchore-cli, refer to: