Add base directory and pnpm support

Dockerfile

@@ -132,6 +132,7 @@ ENV NODE_DOWNLOAD_URL https://nodejs.org/dist/v${NODE_VERSION}/${NODE_TARBALL_FI
 ENV NODE_DOWNLOAD_SHA256 bf30432175ea8a95fa3e5fe09e96d9fc17b07099742d5c83c4cf9d0edfc411ff
 ENV NPM_VERSION 6.14.8
 ENV YARN_VERSION 1.22.0
+ENV PNPM_VERSION 6.14.7
 ENV NPM_CONFIG_LOGLEVEL info
 
 COPY build/package.json build/yarn.lock /home/
@@ -140,11 +141,11 @@ RUN curl -fsSL "$NODE_DOWNLOAD_URL" -o node.tar.gz \
   && tar -C /usr/local -xzf node.tar.gz --strip-components=1 \
   && npm install -g npm@${NPM_VERSION} \
   && npm install -g yarn@${YARN_VERSION} \
+  && npm install -g pnpm@${PNPM_VERSION} \
   && cd /home \
   && yarn install \
   && rm -rf /node.tar.gz package.json yarn.lock /tmp/* ~/.npm
 
-
 ### All other tools
 ENV PIP_VERSION 18.1
 COPY --from=builder /root/go/bin/sift /usr/local/bin

entrypoint.sh

@@ -27,6 +27,6 @@ custom_info:
 reports:
   - uri: $INPUT_REPORT_URI
     format: $INPUT_REPORT_FORMAT
-    verbose: $INPUT_REPORT_VERBOSITY" | tee $GITHUB_WORKSPACE/../salus-configuration.yaml 
+    verbose: $INPUT_REPORT_VERBOSITY" | tee $GITHUB_WORKSPACE/../salus-configuration.yaml
 
-cd /home && BUNDLE_GEMFILE=/home/Gemfile bundle exec /home/bin/salus scan --repo_path "$GITHUB_WORKSPACE" --config "$SALUS_CONFIGURATION"
+cd /home && BUNDLE_GEMFILE=/home/Gemfile bundle exec /home/bin/salus scan --repo_path "$GITHUB_WORKSPACE/$BASE_DIRECTORY" --config "$SALUS_CONFIGURATION"

lib/salus/scanners/npm_audit.rb

@@ -7,14 +7,14 @@
 
 module Salus::Scanners
   class NPMAudit < NodeAudit
-    AUDIT_COMMAND = 'npm audit --json'.freeze
+    AUDIT_COMMAND = 'pnpm audit --json'.freeze
 
     def should_run?
-      @repository.package_lock_json_present?
+      true
     end
 
     def version
-      shell_return = run_shell('npm audit --version')
+      shell_return = run_shell('pnpm --version')
       # stdout looks like "6.14.8\n"
       shell_return.stdout&.strip
     end