A small image based on the official Node Alpine image. For more information on the great tool Retire.js, check out their GitHub project!
To scan your project for JavaScript vulnerabilities, run the following command:
$ docker run --rm -v "$PWD":/app gruebel/retirejs:latest
Additionally, the arguments supported by Retire.js can be appended to the command, for example:
$ docker run --rm -v "$PWD":/app gruebel/retirejs:latest --ignorefile .retireignore.json
To integrate it into a CI/CD pipeline, add the following snippet:
Jenkinsfile (Declarative Pipeline)
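pipeline {
    agent none
    stages {
        stage('JS vulnerability check') {
            agent {
                docker {
                    image 'gruebel/retirejs:latest'
                    // Clear the image entrypoint so Jenkins can run its own sh steps in the container
                    args '--entrypoint ""'
                }
            }
            steps {
                // Scan the checked-out workspace
                sh 'retire'
            }
        }
    }
}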
To check for any outdated npm packages, run the following command:
$ docker run --rm -it --entrypoint='' gruebel/retirejs:latest npm outdated -g