Conversation
What is the purpose for this change?
https://jira2.cerner.com/browse/UXPLATFORM-8278 - This is a PR audit that will run when a PR builds. As of now it will give an audit report and log all the vulnerabilities. If we want to fail, we can fail for critical and high vulnerabilities; that will be a feature enhancement.
Do we really want to fail builds for vulnerabilities or should we just run the audit script separately from the CI/CD periodically and log Jiras based on that?
Yeah, I don't think we should fail builds; this will add potential blockers to merging PRs and doing releases. I also have concerns about inflating build times if we're only going to throw out warnings.
We are not failing the build for vulnerabilities. And compared the build time and it doesn't take much time (< 201 325ms). Moreover, it is used to see how many CVEs (vulnerabilities) are monitoring.
This issue has been automatically marked as inactive because it has not had recent activity. It will be closed in seven days if no further activity occurs. Thank you for your contributions.
Summary
Creating "npm audit" during the ci/cd build
What was changed:
Why it was changed:
Testing
This change was tested using:
Reviews
In addition to engineering reviews, this PR needs:
Additional Details
This PR resolves:
UXPLATFORM-XXXX
Thank you for contributing to Terra.
@cerner/terra
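The two behaviours discussed in this thread (report-only logging versus failing on critical and high findings) can be expressed as one gate over the JSON that `npm audit --json` emits. This is an added example, not code from this PR or from Terra; `evaluateAudit`, `SAMPLE_REPORT` and the package names in it are hypothetical, and the sample is constructed in the npm 7+ report shape.

```javascript
'use strict';

// Severity levels in ascending order, as used in npm audit reports.
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Constructed sample in the shape of `npm audit --json` (npm 7+ report).
// Package names are made up for illustration.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': { name: 'example-parser', severity: 'high', isDirect: false, fixAvailable: true },
    'example-logger': { name: 'example-logger', severity: 'low', isDirect: true, fixAvailable: false },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 1, critical: 0, total: 2 } },
};

// Hypothetical helper: turn a parsed audit report into per-severity counts,
// the packages at or above the failOn threshold, and the exit code the CI
// step should return. failOn = null is report-only: log, never fail.
function evaluateAudit(report, failOn = null) {
  if (failOn !== null && !SEVERITIES.includes(failOn)) {
    throw new Error(`unknown severity: ${failOn}`);
  }
  const meta = (report.metadata && report.metadata.vulnerabilities) || {};
  const counts = {};
  for (const s of SEVERITIES) counts[s] = Number(meta[s]) || 0;

  const floor = failOn === null ? Infinity : SEVERITIES.indexOf(failOn);
  const blocking = Object.values(report.vulnerabilities || {})
    .filter((v) => SEVERITIES.indexOf(v.severity) >= floor)
    .map((v) => v.name)
    .sort();

  return { counts, blocking, exitCode: blocking.length > 0 ? 1 : 0 };
}

// Report-only run: counts are logged, the build is not failed.
console.log('report-only:', JSON.stringify(evaluateAudit(SAMPLE_REPORT)));
// Gated run: the high-severity finding blocks the build.
console.log('fail on high:', JSON.stringify(evaluateAudit(SAMPLE_REPORT, 'high')));
```

Because `npm audit` itself exits non-zero when it finds vulnerabilities, a report-only CI step has to capture its JSON output without treating that exit status as a build failure.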