From 2a9df5ada1d73ba3257414b09ceb5ff649e96b69 Mon Sep 17 00:00:00 2001
From: Asher
Date: Thu, 21 Sep 2023 13:30:58 -0800
Subject: [PATCH] Audit npm shrinkwrap as well
---
 .github/workflows/security.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 9024e7a3c38c..7b54311ba0b5 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -47,10 +47,14 @@ jobs:
 if: steps.cache-yarn.outputs.cache-hit != 'true'
 run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
- - name: Audit for vulnerabilities
+ - name: Audit yarn for vulnerabilities
 run: yarn _audit
 if: success()
+ - name: Audit npm for vulnerabilities
+ run: npm shrinkwrap && npm audit
+ if: success()
+
 trivy-scan-repo:
 name: Scan repo with Trivy
 permissions:
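Review bot: The new `Audit npm for vulnerabilities` step runs `npm audit` with no `--audit-level` and no `--omit`, so by default it fails the job on any advisory of any severity, including ones reachable only through devDependencies. If the intent is to gate on what actually ships, something like `run: npm shrinkwrap && npm audit --omit=dev --audit-level=high` would be closer, with the threshold aligned to whatever the `_audit` script enforces (that script is not visible in this hunk). The shrinkwrap being audited is also generated at CI time from the yarn-installed tree, which the preceding step skips on a cache hit, so it is presumably not the same lockfile that goes into a release; a short comment above the step saying which tree is being audited would help. The enclosing job begins above the hunk, so its Node/npm setup is not visible here.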