feat: remove node-js-scan job (48f73afb) · Commits · to be continuous... / Node.js

README.md

+18 −31

Original line number	Diff line number	Diff line
		@@ -20,7 +20,7 @@ include:
		The Node.js template uses some global configuration used throughout all jobs.

		\| Name \| description \| default value \|
		\| ------------------- \| ------------------------------------ \| ------------------------------------------------------ \|
		\|------------------------\|-------------------------------------------------------------------------------------------------------\|-------------------\|
		\| `NODE_IMAGE` \| The Docker image used to run Node.js <br/>:warning: set the version required by your project \| `node:lts-alpine` \|
		\| `NPM_CONFIG_REGISTRY` \| NPM [registry](https://docs.npmjs.com/configuring-your-registry-settings-as-an-npm-enterprise-user) \| _none_ \|
		\| `NODE_PROJECT_DIR` \| Node project root directory \| `.` \|
		@@ -35,7 +35,7 @@ The Node template features a job `node-lint` that performs Node.js source code *
		It is bound to the `test` stage, and uses the following variable:

		\| Name \| description \| default value \|
		\| ---------------- \| --------------------------------------------------------------------------- \| ------------- \|
		\|--------------------------\|------------------------------------------------------------------------------------------------------\|-------------------------------\|
		\| `NODE_LINT_ENABLED` \| Set to `true` to enable lint analysis \| _none_ (disabled) \|
		\| `NODE_LINT_ARGS` \| NPM [run-script](https://docs.npmjs.com/cli/run-script.html) arguments to execute the lint analysis \| `run lint` \|
		\| `NODE_LINT_REPORT_PATH` \| Variable to define lint analysis report path \| `reports/eslint-report.json` \|
		@@ -50,7 +50,7 @@ for jobs dependency reasons (some jobs such as SONAR analysis have a dependency
		This job is bound to the `build` stage, and uses the following variables:

		\| Name \| description \| default value \|
		\| ----------------- \| ------------------------------------------------------------ \| -------------------- \|
		\|-------------------------------\|---------------------------------------------------------------\|---------------------------------\|
		\| `NODE_BUILD_DISABLED` \| Set to `true` to disable build \| _none_ (enabled) \|
		\| `NODE_BUILD_DIR` \| Variable to define build directory \| `dist` \|
		\| `NODE_BUILD_ARGS` \| NPM [build](https://docs.npmjs.com/cli/build.html) arguments \| `run build --prod` \|
		@@ -274,16 +274,3 @@ npm install --save-dev npm-outdated-html
		\| `NODE_OUTDATED_JSON_PATH` \| NPM [outdated](https://docs.npmjs.com/cli/outdated) JSON report path \| `reports/npm-outdated-report.json` \|
		\| `NODE_OUTDATED_HTML_ARGS` \| NPM [outdated HTML](https://www.npmjs.com/package/npm-outdated-html) report generation arguments \| `--output reports/npm-outdated-report.html` \|

		### `node-js-scan` job

		This jobs is disabled by default and performs a [njsscan](https://github.com/ajinabraham/njsscan) (Static Security Code Scanner) analysis.

		It is bound to the `test` stage, and uses the following variables:

		To activate the NodeJsScan, you need to set some VARIABLES

		\| Name \| description \| default value \|
		\| --------------------- \| ----------------- \| ----------------- \|
		\| `NODEJSSCAN_ENABLED` \| Set to `true` to enable njsscan analysis \| _none_ (disabled) \|
		\| `NODEJSSCAN_IMAGE` \| njsscan image \| `opensecurity/njsscan:latest` \|
		\| `NODEJSSCAN_ARGS` \| njsscan [arguments](https://github.com/ajinabraham/njsscan#command-line-options) \| _none_ \|

kicker.json

+0 −19

Original line number	Diff line number	Diff line
		@@ -122,25 +122,6 @@
		"advanced": true
		}
		]
		},
		{
		"id": "njsscan",
		"name": "njsscan",
		"description": "[njsscan](https://github.com/ajinabraham/njsscan) (Static Security Code Scanner) analysis",
		"enable_with": "NODEJSSCAN_ENABLED",
		"variables": [
		{
		"name": "NODEJSSCAN_IMAGE",
		"description": "njsscan image",
		"default": "opensecurity/njsscan:latest",
		"advanced": true
		},
		{
		"name": "NODEJSSCAN_ARGS",
		"description": "njsscan [arguments](https://github.com/ajinabraham/njsscan#command-line-options)",
		"advanced": true
		}
		]
		}
		]
		}

templates/gitlab-ci-node.yml

+3 −28

Original line number	Diff line number	Diff line
		@@ -299,36 +299,10 @@ node-lint:
		- allow_failure: true

		###############################################################################################
		# Test stage: NodeJsScan & npm audit
		# Test stage: audit & outdated
		###############################################################################################
		# NodeJsScan
		node-js-scan:
		image: $NODEJSSCAN_IMAGE
		services:
		- name: "$TBC_TRACKING_IMAGE"
		command: ["--service", "node", "2.3.0" ]
		stage: test
		script:
		- mkdir -p reports
		- njsscan $NODEJSSCAN_ARGS -o reports/nodejsscan-report.txt ${NODE_SOURCE_DIR} \|\| true
		- njsscan $NODEJSSCAN_ARGS --sarif -o reports/nodejsscan-report-sarif.json ${NODE_SOURCE_DIR}
		artifacts:
		when: always
		name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
		expire_in: 1 day
		paths:
		- $NODE_PROJECT_DIR/reports/
		rules:
		# on production branch(es): if $NODEJSSCAN_ENABLED is set
		- if: '$NODEJSSCAN_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $PROD_REF'
		# on integration branch(es): if $NODEJSSCAN_ENABLED is set
		- if: '$NODEJSSCAN_ENABLED == "true" && $CI_COMMIT_REF_NAME =~ $INTEG_REF'
		# on non-production, non-integration branches, with $NODEJSSCAN_ENABLED set: manual & non-blocking
		- if: '$NODEJSSCAN_ENABLED == "true"'
		when: manual
		allow_failure: true

		# npm audit
		# audit
		node-npm-audit:
		extends: .node-base
		stage: test
		@@ -351,6 +325,7 @@ node-npm-audit:
		- when: manual
		allow_failure: true

		# outdated
		node-npm-outdated:
		extends: .node-base
		stage: test

Original line number	Diff line number	Diff line
		@@ -20,7 +20,7 @@ include:
		The Node.js template uses some global configuration used throughout all jobs.

		\| Name \| description \| default value \|
		\| ------------------- \| ------------------------------------ \| ------------------------------------------------------ \|
		\|------------------------\|-------------------------------------------------------------------------------------------------------\|-------------------\|
		\| `NODE_IMAGE` \| The Docker image used to run Node.js <br/>:warning: set the version required by your project \| `node:lts-alpine` \|
		\| `NPM_CONFIG_REGISTRY` \| NPM [registry](https://docs.npmjs.com/configuring-your-registry-settings-as-an-npm-enterprise-user) \| _none_ \|
		\| `NODE_PROJECT_DIR` \| Node project root directory \| `.` \|
		@@ -35,7 +35,7 @@ The Node template features a job `node-lint` that performs Node.js source code *
		It is bound to the `test` stage, and uses the following variable:

		\| Name \| description \| default value \|
		\| ---------------- \| --------------------------------------------------------------------------- \| ------------- \|
		\|--------------------------\|------------------------------------------------------------------------------------------------------\|-------------------------------\|
		\| `NODE_LINT_ENABLED` \| Set to `true` to enable lint analysis \| _none_ (disabled) \|
		\| `NODE_LINT_ARGS` \| NPM [run-script](https://docs.npmjs.com/cli/run-script.html) arguments to execute the lint analysis \| `run lint` \|
		\| `NODE_LINT_REPORT_PATH` \| Variable to define lint analysis report path \| `reports/eslint-report.json` \|
		@@ -50,7 +50,7 @@ for jobs dependency reasons (some jobs such as SONAR analysis have a dependency
		This job is bound to the `build` stage, and uses the following variables:

		\| Name \| description \| default value \|
		\| ----------------- \| ------------------------------------------------------------ \| -------------------- \|
		\|-------------------------------\|---------------------------------------------------------------\|---------------------------------\|
		\| `NODE_BUILD_DISABLED` \| Set to `true` to disable build \| _none_ (enabled) \|
		\| `NODE_BUILD_DIR` \| Variable to define build directory \| `dist` \|
		\| `NODE_BUILD_ARGS` \| NPM [build](https://docs.npmjs.com/cli/build.html) arguments \| `run build --prod` \|
		@@ -274,16 +274,3 @@ npm install --save-dev npm-outdated-html
		\| `NODE_OUTDATED_JSON_PATH` \| NPM [outdated](https://docs.npmjs.com/cli/outdated) JSON report path \| `reports/npm-outdated-report.json` \|
		\| `NODE_OUTDATED_HTML_ARGS` \| NPM [outdated HTML](https://www.npmjs.com/package/npm-outdated-html) report generation arguments \| `--output reports/npm-outdated-report.html` \|

		### `node-js-scan` job

		This jobs is disabled by default and performs a [njsscan](https://github.com/ajinabraham/njsscan) (Static Security Code Scanner) analysis.

		It is bound to the `test` stage, and uses the following variables:

		To activate the NodeJsScan, you need to set some VARIABLES

		\| Name \| description \| default value \|
		\| --------------------- \| ----------------- \| ----------------- \|
		\| `NODEJSSCAN_ENABLED` \| Set to `true` to enable njsscan analysis \| _none_ (disabled) \|
		\| `NODEJSSCAN_IMAGE` \| njsscan image \| `opensecurity/njsscan:latest` \|
		\| `NODEJSSCAN_ARGS` \| njsscan [arguments](https://github.com/ajinabraham/njsscan#command-line-options) \| _none_ \|