About
npm audit widget is a dashboard widget for Azure DevOps (TFS) dashboards that displays npm audit results.
- Critical: Address immediately
- High: Address as quickly as possible
- Moderate: Address as time allows
- Low: Address at your discretion
Configuration
Note: You must be on npm v6.1.0 or greater
Publishing npm audit results on Azure DevOps
See: Azure DevOps Example
jobs:
- job: Windows
  pool:
    vmImage: 'vs2017-win2016'
  steps:
  - task: NodeTool@0
    inputs:
      versionSpec: '8.x'
    displayName: 'Install Node.js'
  # npm audit needs npm v6.1.0 or greater, so update npm first
  - script: npm i npm -g
    displayName: 'update npm'
  - script: npm -v
    displayName: 'check version'
  - script: npm install
    displayName: 'npm install'
  # Write the audit report as JSON; npm audit exits non-zero when it finds issues
  - script: npm audit --json > audit.json
    displayName: 'audit'
  # Publish audit.json as the audit_results artifact that the widget reads
  - task: PublishBuildArtifacts@1
    displayName: 'Publish Artifact: audit_results'
    inputs:
      PathtoPublish: 'audit.json'
      ArtifactName: 'audit_results'
Publishing npm audit results on TFS (2017)
Create an npm task with the following arguments
- working folder:
$/[path to application root (folder with package.json)]
- npm command:
audit
- arguments:
--json > audit.json
- Optional: use
--json > audit.json & exit 0
if you don't want the task to fail when audit returns security issues.
Create a publish build artifacts task with the following arguments
- Path to Publish:
$/[path to application root (folder with package.json)]/audit.json
- Artifact Name:
audit_results
- Artifact Type:
Server
Make sure the npm task comes before the publish task
Save and Queue a build
Install the widget from the Marketplace
Add the widget to the dashboard
Configure the widget by choosing a build that is publishing audit_results
The widget should display the total number of issues as well as the number of issues by type.
c : critical
h : high
m : moderate
l : low
The color of the widget is determined by the severity.
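The following is an added example, not the widget's own code: it shows how the per-severity counts and the highest severity can be read from the text of audit.json, and how a build could be gated on a severity threshold instead of using exit 0. It assumes the metadata.vulnerabilities object that npm audit --json writes; the function names and the sample report are constructed for illustration.

```javascript
// Added example: summarise the text of an `npm audit --json` report.
const SEVERITIES = ['critical', 'high', 'moderate', 'low']; // highest first

// Return { counts, total, highest } for a report.
// Throws when the text is not a usable audit report, so that a failed
// or empty audit is never mistaken for "0 issues".
function summarizeAudit(text) {
  // Strip a UTF-8 byte order mark that some shells add on redirect.
  const report = JSON.parse(text.replace(/^\uFEFF/, ''));
  const found = report && report.metadata && report.metadata.vulnerabilities;
  if (!found || typeof found !== 'object') {
    throw new Error('no metadata.vulnerabilities in report');
  }
  const counts = {};
  let total = 0;
  let highest = null;
  for (const level of SEVERITIES) {
    const n = Number(found[level]) || 0;
    counts[level] = n;
    total += n;
    if (n > 0 && highest === null) highest = level;
  }
  return { counts, total, highest };
}

// One-line summary using the c / h / m / l abbreviations.
function formatSummary(s) {
  const parts = SEVERITIES.map((level) => `${level[0]} : ${s.counts[level]}`);
  return `${s.total} issues (${parts.join(', ')})`;
}

// True when any issue is at or above the given severity.
function failsThreshold(s, threshold) {
  const limit = SEVERITIES.indexOf(threshold);
  if (limit === -1) throw new Error(`unknown severity: ${threshold}`);
  return SEVERITIES.slice(0, limit + 1).some((level) => s.counts[level] > 0);
}

// Constructed sample report (only the fields this example reads).
const SAMPLE = JSON.stringify({
  metadata: { vulnerabilities: { info: 0, low: 3, moderate: 1, high: 2, critical: 0 } },
});

const summary = summarizeAudit(SAMPLE);
console.log(formatSummary(summary));
console.log('fail build at "high"?', failsThreshold(summary, 'high'));
```

In a build step the text would come from the published file, for example fs.readFileSync('audit.json', 'utf8').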