/docker-retirejs

Retire.js Docker image for scanning JavaScript libraries with known vulnerabilities

Retire.js

Overview

A small image based on the official Node Alpine image. For more information on Retire.js, check out their GitHub project.

Usage

CMD

To scan your project for JavaScript libraries with known vulnerabilities, run the following command from the project root:

$ docker run --rm -v "$PWD":/app gruebel/retirejs:latest

Any argument supported by Retire.js can be appended to the command:

$ docker run --rm -v "$PWD":/app gruebel/retirejs:latest --ignorefile .retireignore.json

Jenkins Pipeline

To integrate it into a CI/CD pipeline, add the following snippet:

Jenkinsfile (Declarative Pipeline)
pipeline {
    agent none
    stages {
        stage('JS vulnerability check') {
            agent {
                docker {
                    image 'gruebel/retirejs:latest'
                    // Override the image entrypoint so Jenkins can run its own shell steps in the container
                    args '--entrypoint ""'
                }
            }
            steps {
                sh 'retire'
            }
        }
    }
}

Development

Npm package version check

To check for outdated npm packages inside the image, run the following command:

$ docker run --rm -it --entrypoint='' gruebel/retirejs:latest npm outdated -g