diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
new file mode 100644
index 0000000..6d1875d
--- /dev/null
+++ b/.github/workflows/trivy.yaml
@@ -0,0 +1,29 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Trivy Scan
+
+# Controls when the action will run. Triggers the workflow on push or pull request
+# events but only for the master branch
+on:
+ pull_request:
+ branches: [master]
+ types: [opened, synchronize, reopened]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "trivy"
+ trivy:
+ # The type of runner that the job will run on
+ runs-on: [self-hosted, linux, codebuild]
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: actions/checkout@v3
+
+ - name: Run Trivy vulnerability scanner in repo mode
+ uses: aquasecurity/trivy-action@0.28.0
+ with:
+ scan-type: "fs"
+ scan-ref: "${{ github.workspace }}"
+ trivy-config: "${{ github.workspace }}/trivy.yml"
\ No newline at end of file
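Review bot: Both actions on the new side, `actions/checkout@v3` and `aquasecurity/trivy-action@0.28.0`, are pinned to mutable tags, so the job runs whatever those tags resolve to at execution time; pin each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: aquasecurity/trivy-action@<commit-sha>  # 0.28.0`. The workflow also declares no `permissions:` block, so the job inherits the repository's default GITHUB_TOKEN grants; a top-level `permissions: contents: read` is all checkout plus a filesystem scan needs. Because `trivy-config` is read from the checked-out PR head, the scan policy is controlled by the same change it gates — a pull request that edits `severity`, `skip-files` or `exit-code` in `trivy.yml` can still pass, so consider taking the config from the base branch or treating `trivy.yml` as a protected path in review. Finally, `pull_request` on a `self-hosted` runner executes PR content on persistent infrastructure; if the repository accepts external pull requests, confirm the runner is ephemeral or narrow the trigger.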
diff --git a/README.md b/README.md
index 8c71aeb..a9a2f39 100644
--- a/README.md
+++ b/README.md
@@ -9,9 +9,6 @@
-
-
-
diff --git a/package-lock.json b/package-lock.json
index 47f3787..b58ef3b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1991,9 +1991,9 @@
}
},
"node_modules/@openapi-contrib/openapi-schema-to-json-schema/node_modules/@types/node": {
- "version": "20.19.13",
- "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.13.tgz",
- "integrity": "sha512-yCAeZl7a0DxgNVteXFHt9+uyFbqXGy/ShC4BlcHkoE0AfGXYv/BUiplV72DjMYXHDBXFjhvr6DD1NiRVfB4j8g==",
+ "version": "20.19.14",
+ "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.14.tgz",
+ "integrity": "sha512-gqiKWld3YIkmtrrg9zDvg9jfksZCcPywXVN7IauUGhilwGV/yOyeUsvpR796m/Jye0zUzMXPKe8Ct1B79A7N5Q==",
"license": "MIT",
"dependencies": {
"undici-types": "~6.21.0"
@@ -3433,6 +3433,16 @@
"node": ">=6.0.0"
}
},
+ "node_modules/baseline-browser-mapping": {
+ "version": "2.8.3",
+ "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.8.3.tgz",
+ "integrity": "sha512-mcE+Wr2CAhHNWxXN/DdTI+n4gsPc5QpXpWnyCQWiQYIYZX+ZMJ8juXZgjRa/0/YPJo/NSsgW15/YgmI4nbysYw==",
+ "dev": true,
+ "license": "Apache-2.0",
+ "bin": {
+ "baseline-browser-mapping": "dist/cli.js"
+ }
+ },
"node_modules/basic-auth": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz",
@@ -3596,9 +3606,9 @@
"license": "ISC"
},
"node_modules/browserslist": {
- "version": "4.25.4",
- "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.25.4.tgz",
- "integrity": "sha512-4jYpcjabC606xJ3kw2QwGEZKX0Aw7sgQdZCvIK9dhVSPh76BKo+C+btT1RRofH7B+8iNpEbgGNVWiLki5q93yg==",
+ "version": "4.26.0",
+ "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.26.0.tgz",
+ "integrity": "sha512-P9go2WrP9FiPwLv3zqRD/Uoxo0RSHjzFCiQz7d4vbmwNqQFo9T9WCeP/Qn5EbcKQY6DBbkxEXNcpJOmncNrb7A==",
"dev": true,
"funding": [
{
@@ -3616,9 +3626,10 @@
],
"license": "MIT",
"dependencies": {
- "caniuse-lite": "^1.0.30001737",
- "electron-to-chromium": "^1.5.211",
- "node-releases": "^2.0.19",
+ "baseline-browser-mapping": "^2.8.2",
+ "caniuse-lite": "^1.0.30001741",
+ "electron-to-chromium": "^1.5.218",
+ "node-releases": "^2.0.21",
"update-browserslist-db": "^1.1.3"
},
"bin": {
@@ -5191,9 +5202,9 @@
}
},
"node_modules/debug": {
- "version": "4.4.1",
- "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.1.tgz",
- "integrity": "sha512-KcKCqiftBJcZr++7ykoDIEwSa3XWowTfNPo92BYxjXiyYEVrUQh2aLyhxBCwww+heortUFxEJYcRzosstTEBYQ==",
+ "version": "4.4.3",
+ "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+ "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
"license": "MIT",
"dependencies": {
"ms": "^2.1.3"
@@ -5660,9 +5671,9 @@
}
},
"node_modules/electron-to-chromium": {
- "version": "1.5.217",
- "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.217.tgz",
- "integrity": "sha512-Pludfu5iBxp9XzNl0qq2G87hdD17ZV7h5T4n6rQXDi3nCyloBV3jreE9+8GC6g4X/5yxqVgXEURpcLtM0WS4jA==",
+ "version": "1.5.218",
+ "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.218.tgz",
+ "integrity": "sha512-uwwdN0TUHs8u6iRgN8vKeWZMRll4gBkz+QMqdS7DDe49uiK68/UX92lFb61oiFPrpYZNeZIqa4bA7O6Aiasnzg==",
"dev": true,
"license": "ISC"
},
@@ -10714,9 +10725,9 @@
}
},
"node_modules/node-releases": {
- "version": "2.0.20",
- "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.20.tgz",
- "integrity": "sha512-7gK6zSXEH6neM212JgfYFXe+GmZQM+fia5SsusuBIUgnPheLFBmIPhtFoAQRj8/7wASYQnbDlHPVwY0BefoFgA==",
+ "version": "2.0.21",
+ "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.21.tgz",
+ "integrity": "sha512-5b0pgg78U3hwXkCM8Z9b2FJdPZlr9Psr9V2gQPESdGHqbntyFJKFW4r5TeWGFzafGY3hzs1JC62VEQMbl1JFkw==",
"dev": true,
"license": "MIT"
},
@@ -17201,18 +17212,18 @@
"integrity": "sha512-uEv/AFO0ADI7d99OHDmh1QfYzQk/izT1vCmu/riQfh7qjBVUUgRT87E5s5h7CxWCA/+YoZerykpEthzVrW3LIw=="
},
"node_modules/simple-swizzle": {
- "version": "0.2.2",
- "resolved": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz",
- "integrity": "sha512-JA//kQgZtbuY83m+xT+tXJkmJncGMTFT+C+g2h2R9uxkYIrE2yy9sgmcLhCnw57/WSD+Eh3J97FPEDFnbXnDUg==",
+ "version": "0.2.4",
+ "resolved": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.4.tgz",
+ "integrity": "sha512-nAu1WFPQSMNr2Zn9PGSZK9AGn4t/y97lEm+MXTtUDwfP0ksAIX4nO+6ruD9Jwut4C49SB1Ws+fbXsm/yScWOHw==",
"license": "MIT",
"dependencies": {
"is-arrayish": "^0.3.1"
}
},
"node_modules/simple-swizzle/node_modules/is-arrayish": {
- "version": "0.3.2",
- "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz",
- "integrity": "sha512-eVRqCvVlZbuw3GrM63ovNSNAeA1K16kaR/LRY/92w0zxQ5/1YzwblUX652i4Xs9RwAGjW9d9y6X88t8OaAJfWQ==",
+ "version": "0.3.4",
+ "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.4.tgz",
+ "integrity": "sha512-m6UrgzFVUYawGBh1dUsWR5M2Clqic9RVXC/9f8ceNlv2IcO9j9J/z8UoCLPqtsPBFNzEpfR3xftohbfqDx8EQA==",
"license": "MIT"
},
"node_modules/sinon": {
diff --git a/package.json b/package.json
index 2204965..d794dc0 100644
--- a/package.json
+++ b/package.json
@@ -99,6 +99,7 @@
"registry": "https://registry.npmjs.org/"
},
"overrides": {
+ "axios": "^1.12.0",
"git-release-notes": {
"ejs": "^3.1.8",
"yargs": "^17.6.2"
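Review bot: The new `"axios": "^1.12.0"` override only takes effect once the lockfile is regenerated, and none of the package-lock.json hunks in this commit touch axios, so either axios already resolved within that range or `npm install` was not rerun after the override was added. Run it and commit the resulting lockfile so the floor is actually enforced by `npm ci`, and add a short comment in the commit message naming the advisory the override addresses so the entry can be retired later.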
diff --git a/trivy.yml b/trivy.yml
new file mode 100644
index 0000000..8a56162
--- /dev/null
+++ b/trivy.yml
@@ -0,0 +1,16 @@
+format: table
+exit-code: 1
+severity:
+ - HIGH
+ - CRITICAL
+skip-files:
+ - db.env
+security-checks:
+ - vuln
+ - secret
+ - license
+vulnerability:
+ type:
+ - os
+ - library
+ ignore-unfixed: true
\ No newline at end of file
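Review bot: `skip-files: db.env` excludes that file from every scanner in the run, including the `secret` check this config enables, so a credential committed in `db.env` would never be reported — and an env file is exactly what the secret scanner exists to catch. If `db.env` is a local-only file it belongs in `.gitignore` rather than a scan exclusion; if it is intentionally committed with placeholder values, a targeted `.trivyignore` entry for the specific finding keeps the rest of the file scanned. Separately, `security-checks` was superseded by `scanners` (nested under `scan` in the config file) in later Trivy releases; confirm the Trivy version bundled with `trivy-action@0.28.0` still honours the old key, otherwise the `secret` and `license` scans may not run as intended. `ignore-unfixed: true` also suppresses HIGH/CRITICAL findings that have no upstream fix yet, which is a deliberate policy choice worth a one-line comment such as `# unfixed findings are tracked outside CI; revisit quarterly` so reviewers do not read it as an oversight.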