From c57df87bc3274f0263054ad40d710a8d16eb0205 Mon Sep 17 00:00:00 2001 From: Lenin Alevski Date: Tue, 8 Nov 2022 19:20:47 -0800 Subject: [PATCH] Add `yarn audit` check on github actions (#2441) Checks for known security issues with the installed packages Signed-off-by: Lenin Alevski Signed-off-by: Lenin Alevski --- .github/workflows/jobs.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/jobs.yaml b/.github/workflows/jobs.yaml index c8729280d..edabfb924 100644 --- a/.github/workflows/jobs.yaml +++ b/.github/workflows/jobs.yaml @@ -284,7 +284,7 @@ jobs: semgrep --config semgrep.yaml $(pwd)/portal-ui --error no-warnings-and-make-assets: - name: "React Code Has No Warnings & is Prettified, then Make Assets" + name: "React Code Has No Vulnerabilities, Warnings & is Prettified, then Make Assets" runs-on: ubuntu-latest strategy: matrix: @@ -333,6 +333,11 @@ jobs: restore-keys: | ${{ runner.os }}-assets- + - name: Checks for known security issues with the installed packages + working-directory: ./portal-ui + continue-on-error: false + run: | + yarn audit - name: Install Dependencies working-directory: ./portal-ui continue-on-error: false
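Review bot: The bare `yarn audit` in the new step fails the job on an advisory of any severity, including ones in development-only transitive packages, so a newly published low-severity advisory can block unrelated pull requests and push people towards disabling the gate. Assuming this is Yarn classic, where the exit code is a bitmask of severities and `--level` only filters the report, consider scoping and thresholding it, e.g. `yarn audit --groups dependencies || [ $? -lt 8 ]` to block only on high and critical findings in shipped dependencies. The step runs before `Install Dependencies`, so it audits what the manifest and lockfile resolve rather than what is installed; a name such as `Audit portal-ui dependencies for known vulnerabilities` would describe that more accurately. It also sits in a matrix job (the `strategy: matrix:` context in the first hunk), so the same audit appears to run once per matrix entry; moving it to a single non-matrix job or a scheduled workflow would avoid the repeats. The rest of the job's steps lie outside the hunk, and `continue-on-error: false` is already the default and could be dropped.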