lirantal / is-website-vulnerable

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
Apache License 2.0

GitHub Action #65

Closed mattorb closed 4 years ago

mattorb commented 4 years ago

This enables using the docker container as a GitHub Action.

If any vulnerabilities are detected, exit with error code 2, so the GitHub Action can fail.

Tune that @v1 in the README for whatever the release ends up being tagged.

p.s. - JavaScript isn't my primary thing, so feel free to be blunt if I'm doing anything silly.

lirantal commented 4 years ago

@mattorb thanks for sending this, looks wonderful ✨ I left a couple of questions on the GitHub Actions setup since I'm less familiar with that and wanted to be sure before we merge.

If all looks good on your side we'll land this straight-away and release a new version.

mattorb commented 4 years ago

Note: Since the Dockerfile pulls the release via npm (rather than building it), you'll have to release to npm for the GitHub Action to be able to run the container with the new exit code changes.

lirantal commented 4 years ago

@mattorb good comment on the npm release, that will happen automatically (the release to npm) due to the automated release process we have.

Are you going to push a change for the GitHub Action to be versioned as @master, or are we leaving it as is?

Ryuno-Ki commented 4 years ago

@mattorb If it helps you:

> p.s. - Javascript isn't my primary thing, so feel free to be blunt if I'm doing anything silly.

Your JavaScript code looks good! Some things I personally would have done differently (like placing {} around the if and else bodies), but the code is perfectly valid.

mattorb commented 4 years ago

@Ryuno-Ki definitely an oversight on my part not following the bracing style in the existing code. Fixed that.

mattorb commented 4 years ago

@lirantal ok, I think this is good to go.

lirantal commented 4 years ago

Looks great to me, thanks a lot @mattorb for sending this. Appreciate all the effort and thoughtfulness put into this PR 💜

@Ryuno-Ki thanks for jumping to support 🤗

github-actions[bot] commented 4 years ago

:tada: This PR is included in version 1.14.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

mattorb commented 4 years ago

FYI: I switched over from my own fork+branch to use the action directly from lirantal/is-website-vulnerable@master and it is working well:

lirantal commented 4 years ago

yay, thank you for confirming ❤️ and for building it 😉