wickett / docker-retirejs

Retire.js Docker image for scanning JavaScript libraries with known vulnerabilities


Retire.js


Overview

A small image based on the official Node Alpine image. For more information on the great tool Retire.js, check out their GitHub project!

Usage

CMD

To scan your project for JavaScript vulnerabilities, run the following command:

$ docker run --rm -v "$PWD":/app gruebel/retirejs:latest

Additionally, it is possible to pass the supported arguments:

$ docker run --rm -v "$PWD":/app gruebel/retirejs:latest --ignorefile .retireignore.json
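
An added example, not part of the project's README: a POSIX shell wrapper around the scan command that separates "vulnerable libraries found" from "the scanner itself failed", so a broken Docker run is not mistaken for a finding or for a clean result. It assumes Retire.js's default `--exitwith` code of 13 and that the image's entrypoint passes that status through; `scan_gate`, `classify_exit` and the `SCAN_CMD` hook are hypothetical names.

```shell
#!/bin/sh
# Added example: CI gate around "docker run ... gruebel/retirejs:latest".
# Assumptions: the image's entrypoint propagates Retire.js's exit status,
# and Retire.js exits with its default --exitwith code (13) on findings.

IMAGE="gruebel/retirejs:latest"
FINDINGS_EXIT=13   # adjust if you pass --exitwith to Retire.js

# classify_exit STATUS -> prints: clean | vulnerable | error
classify_exit() {
    case "$1" in
        0)                echo clean ;;
        "$FINDINGS_EXIT") echo vulnerable ;;
        *)                echo error ;;   # e.g. 125 from docker itself
    esac
}

# scan_gate DIR [retire args...]
# Returns 0 = clean, 1 = vulnerable libraries found, 2 = scan did not run.
# SCAN_CMD (hypothetical hook) replaces the docker call, e.g. for dry runs.
scan_gate() {
    dir=$1
    shift
    if [ ! -d "$dir" ]; then
        echo "scan_gate: not a directory: $dir" >&2
        return 2
    fi
    dir=$(cd "$dir" && pwd)   # docker -v needs an absolute host path
    status=0
    if [ -n "${SCAN_CMD:-}" ]; then
        "$SCAN_CMD" "$@" || status=$?
    else
        docker run --rm -v "$dir:/app" "$IMAGE" "$@" || status=$?
    fi
    case "$(classify_exit "$status")" in
        clean)
            echo "retire: no known-vulnerable libraries found"
            return 0 ;;
        vulnerable)
            echo "retire: known-vulnerable libraries found" >&2
            return 1 ;;
        *)
            echo "retire: scanner failed (exit $status), failing the build" >&2
            return 2 ;;
    esac
}
```

Source the file and call, for instance, `scan_gate "$PWD" --ignorefile .retireignore.json`; a return value of 2 means the scan never produced a verdict and should be investigated rather than triaged as a finding.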

Jenkins Pipeline

To integrate it into a CI/CD pipeline, add the following snippet:

Jenkinsfile (Declarative Pipeline)
pipeline {
    agent none
    stages {
        stage('JS vulnerability check') {
            agent {
                docker {
                    image 'gruebel/retirejs:latest'
                    // Clear the image's entrypoint so Jenkins can start the container with its own command
                    args '--entrypoint ""'
                }
            }
            steps {
                sh 'retire'
            }
        }
    }
}

Development

Npm package version check

To check for any outdated npm packages, run the following command:

$ docker run --rm -it --entrypoint='' gruebel/retirejs:latest npm outdated -g
