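--- a/.audit-ci.json
+++ b/.audit-ci.json
@@ -0,0 +1,15 @@
+{
+"moderate": true,
+"high": true,
+"critical": true,
+"advisories": ["1096727"],
+"allowlist": {
+"1096727": {
+"reason": "request package - SSRF vulnerability but no patch available. Used by octonode dependency.",
+"expiry": "2025-12-31"
+}
+},
+"report-type": "full",
+"output-format": "text",
+"skip-dev": false
+}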
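Review bot: The `allowlist` entry is written as an object with `reason`/`expiry` sub-keys and the same id is repeated under `advisories`, but as far as I recall audit-ci's `allowlist` is an array of plain strings and the separate `advisories` option was dropped in favour of `allowlist` before 7.x, so this file may be rejected or the suppression silently not applied. Independently of that, audit-ci does not evaluate an `expiry` date, so nothing will make the SSRF allowlisting of `request` lapse after 2025-12-31 on its own; the date is documentation only. I'd flatten it to `"allowlist": ["1096727"]`, keep the reason and the review date in a tracked issue or a README note (JSON has no comments), and confirm by running `yarn security:audit` that the full report shows the advisory as allowlisted rather than merely absent. `moderate: true` already fails on high and critical findings, so the three level flags are redundant but harmless.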
6 changes: 3 additions & 3 deletions .github/workflows/build-images.yml
Expand Up @@ -60,7 +60,7 @@ jobs:
run: yarn install --frozen-lockfile

- name: Run dependency security audit
run: yarn audit --groups dependencies --level moderate
run: yarn security:audit

- name: Run detect-secrets
run: |
Expand Down Expand Up @@ -90,10 +90,10 @@ jobs:
run: yarn install --frozen-lockfile

- name: Run linting for ${{ matrix.app }}
run: turbo run lint --filter=${{ matrix.app }}
run: yarn lint --filter=${{ matrix.app }} --fix

- name: Run tests for ${{ matrix.app }}
run: turbo run test --filter=${{ matrix.app }} -- --coverage --watchAll=false
run: yarn test --filter=${{ matrix.app }} -- --coverage --watchAll=false

- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v4
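Review bot: The `--fix` added to the lint step in the second hunk makes the CI run rewrite files in the runner's checkout and then report success for every auto-fixable violation, while the fixes are never committed back, so a branch can stay unlinted and still go green. In CI the step should only report, `run: yarn lint --filter=${{ matrix.app }}`, and `--fix` belongs in a local or pre-commit script. The audit step in the first hunk now delegates to the `security:audit` script, so it presumably inherits whatever the audit-ci config allowlists; worth checking once that the job still fails on an un-allowlisted moderate finding. The `jobs:` steps continue above and below both hunks.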
4 changes: 4 additions & 0 deletions package.json
Expand Up @@ -37,6 +37,8 @@
"secrets:check": "scripts/detect-secrets.sh",
"secrets:check:staged": "scripts/detect-secrets-staged.sh",
"secrets:setup": "detect-secrets scan --update .secrets.baseline",
"security:audit": "audit-ci --config .audit-ci.json",
"security:audit-better": "better-npm-audit audit --level moderate",
"seed:update": "turbo run seed:update --filter=api",
"setup": "[ -d \"$(git rev-parse --show-toplevel)/apps/api\" ] && cd \"$(git rev-parse --show-toplevel)/apps/api\" && dotenv -e ./dev.env -- npx prisma migrate dev && npx prisma generate; cd $(git rev-parse --show-toplevel)",
"setup:no-git": "cd ./apps/api && dotenv -e ./dev.env -- npx prisma migrate dev && npx prisma generate; cd ../../",
Expand Down Expand Up @@ -96,6 +98,8 @@
"zod": "^3.23.5"
},
"devDependencies": {
"audit-ci": "^7.1.0",
"better-npm-audit": "^3.8.0",
"detect-secrets": "^1.0.6",
"dotenv-cli": "^8.0.0",
"prettier": "^3.5.3",
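Review bot: The `security:audit-better` script in the first hunk adds a second audit path that nothing in the workflow invokes, and `better-npm-audit` presumably runs `npm audit` under the hood while this repo installs with `yarn install --frozen-lockfile`, so it is likely to audit a different resolved tree (or fail without a package-lock) than the one CI actually tests. Two unreconciled audit tools invite the allowlist to drift between them; I'd keep only `security:audit` and drop the `better-npm-audit` devDependency from the second hunk, or if both are intended, name the authoritative one in the script description and wire the other into CI too. The `scripts` and `devDependencies` objects both continue outside the hunks.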