chore(ci): replace pnpm audit with Trivy setup and filesystem scan for vulnerability assessment

This commit is contained in:
Ivan
2026-04-14 20:11:46 -05:00
parent d880dc2c03
commit fc711ce94a
4 changed files with 28 additions and 22 deletions
@@ -0,0 +1,7 @@
#!/bin/sh
# Install Trivy .deb for CI (same package as scan / docker workflows).
set -eu
curl -fsSL -o /tmp/trivy.deb https://git.quad4.io/Quad4-Software/Trivy-Assets/raw/commit/fdfe96b77d2f7b7f5a90cea00af5024c9f728f17/trivy_0.69.3_Linux-64bit.deb
sh scripts/ci/exec-priv.sh dpkg -i /tmp/trivy.deb || sh scripts/ci/exec-priv.sh apt-get install -f -y
trivy --version
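Review bot: The .deb fetched on the curl line is handed to a privileged `dpkg -i` without any integrity check; the commit hash in the URL pins which revision is requested, but nothing verifies that the bytes received match the intended package. A checksum step between the download and the install would make the install fail closed, e.g. `echo "<SHA256_OF_TRIVY_DEB_PLACEHOLDER>  /tmp/trivy.deb" | sha256sum -c -` with the expected digest kept alongside the pinned URL. The `|| sh scripts/ci/exec-priv.sh apt-get install -f -y` fallback also runs for any dpkg failure, not just unmet dependencies, so it can mask a corrupt or rejected package; the trailing `trivy --version` does catch a missing binary, and it would be worth a comment saying that is its purpose, e.g. `# Fails the job if the install above did not actually produce a working trivy.`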
@@ -0,0 +1,6 @@
#!/bin/sh
# Filesystem vulnerability scan for Node (lockfiles, manifests). Replaces pnpm audit
# while the npm registry legacy audit endpoints are unavailable to pnpm (HTTP 410).
set -eu
exec trivy fs --exit-code 1 --severity HIGH,CRITICAL --skip-dirs .pnpm-store .