SONAR-13155 add command to run yarn security audit

author: Simon Brandhof <simon.brandhof@sonarsource.com> 2020-03-24 21:31:35 +0100
committer: sonartech <sonartech@sonarsource.com> 2020-03-25 20:03:54 +0000
commit: ac71f9c2f001f91cba8a246562c30771ffa1da11 (patch)
tree: ac736b3bc4b21e095087d3c6b9545fbfa8561281 /server/sonar-docs
parent: eb1fc30c39a95db91a7e3c9a5b0cbbfd8fa13cf9 (diff)
download: sonarqube-ac71f9c2f001f91cba8a246562c30771ffa1da11.tar.gz
sonarqube-ac71f9c2f001f91cba8a246562c30771ffa1da11.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/server/sonar-docs/build.gradle b/server/sonar-docs/build.gradle
index d072b8fe25e..cea99b44015 100644
--- a/server/sonar-docs/build.gradle
+++ b/server/sonar-docs/build.gradle
@@ -80,6 +80,15 @@ clean.dependsOn(cleanYarn_run)
   dependsOn(yarn)
 }
 
+// Check for known vulnerabilities
+yarn_audit {
+  inputs.file('package.json')
+  outputs.cacheIf { false }
+  args = ['--groups', 'dependencies', '--level', 'high']
+  ignoreExitValue = true
+  dependsOn(yarn)
+}
+
 task zip(type: Zip) {
   def archiveDir = "$version"
   duplicatesStrategy DuplicatesStrategy.EXCLUDE
author	Simon Brandhof <simon.brandhof@sonarsource.com>	2020-03-24 21:31:35 +0100
committer	sonartech <sonartech@sonarsource.com>	2020-03-25 20:03:54 +0000
commit	ac71f9c2f001f91cba8a246562c30771ffa1da11 (patch)
tree	ac736b3bc4b21e095087d3c6b9545fbfa8561281 /server/sonar-docs
parent	eb1fc30c39a95db91a7e3c9a5b0cbbfd8fa13cf9 (diff)
download	sonarqube-ac71f9c2f001f91cba8a246562c30771ffa1da11.tar.gz sonarqube-ac71f9c2f001f91cba8a246562c30771ffa1da11.zip