Add yarn audit check on github actions (#2441)

Checks for known security issues with the installed packages Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com> Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
2022-11-08 19:20:47 -08:00
parent cbbf3c5a53
commit c57df87bc3
1 changed files with 6 additions and 1 deletions
--- a/.github/workflows/jobs.yaml
+++ b/.github/workflows/jobs.yaml
@@ -284,7 +284,7 @@ jobs:
          semgrep --config semgrep.yaml $(pwd)/portal-ui --error

  no-warnings-and-make-assets:
-    name: "React Code Has No Warnings & is Prettified, then Make Assets"
+    name: "React Code Has No Vulnerabilities, Warnings & is Prettified, then Make Assets"
    runs-on: ubuntu-latest
    strategy:
      matrix:
@@ -333,6 +333,11 @@ jobs:
          restore-keys: |
            ${{ runner.os }}-assets-

+      - name: Checks for known security issues with the installed packages
+        working-directory: ./portal-ui
+        continue-on-error: false
+        run: |
+          yarn audit
      - name: Install Dependencies
        working-directory: ./portal-ui
        continue-on-error: false