Merge pull request #84 from IABTechLab/gdm-UID2-3154-secret-scanning

Added build-and-test vuln scan pipeline
IABTechLab · Apr 30, 2024 · 16e4538 · 16e4538
2 parents 41e0091 + bcbc70e
commit 16e4538
Show file tree

Hide file tree

Showing 6 changed files with 5,051 additions and 304 deletions.
diff --git a/.github/workflows/node.js.yaml b/.github/workflows/node.js.yaml
@@ -31,3 +31,5 @@ jobs:
         working-directory: ${{ env.WORKING_DIR }}
       - run: npm test
         working-directory: ${{ env.WORKING_DIR }}
+      - name: Vulnerability Scan
+        uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@v2
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,5 @@
+# List any vulnerability that are to be accepted
+# See https://aquasecurity.github.io/trivy/v0.35/docs/vulnerability/examples/filter/ 
+# for more details
+# e.g. 
+# CVE-2022-3996