Add dependency check task to test.yml

nhsuk · Aug 9, 2023 · 55534e2 · 55534e2
1 parent 25ba887
commit 55534e2
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -16,3 +16,20 @@ jobs:
       - run: npm ci
       - run: npm run lint
       - run: npm test
+      - name: Depcheck
+        uses: dependency-check/Dependency-Check_Action@main
+        id: Depcheck
+        with:
+          project: 'user-feedback-store'
+          path: '.'
+          format: 'HTML'
+          out: 'reports'
+          args: >
+            --failOnCVSS 7 
+            --nodePackageSkipDevDependencies
+            --nodeAuditSkipDevDependencies
+      - name: Upload OWAPS results
+        uses: actions/upload-artifact@master
+        with:
+           name: Depcheck report
+           path: ${{github.workspace}}/reports