Skip to content
/ docker-retirejs Public
forked from gruebel/docker-retirejs

Retire.js Docker image for scanning JavaScript libraries with known vulnerabilities

3 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

wickett/docker-retirejs

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

tests

tests

 
 

.dockerignore

.dockerignore

 
 

.travis.yml

.travis.yml

 
 

Dockerfile

Dockerfile

 
 

README.md

README.md

 
 

Repository files navigation

Retire.js

Build Status Docker Automated build

Overview

A small image based on the offical Node Alpine image. For more information on the great tool Retire.js check out their GitHub project!

Usage

CMD

To scan your project for JavaScript vulnerabilities run following command

$ docker run --rm -v $PWD:/app gruebel/retirejs:latest

Additionally it is possible to use the supported arguments

$ docker run --rm -v $PWD:/app gruebel/retirejs:latest --ignorefile .retireignore.json

Jenkins Pipeline

To integrate it into a CI/CD pipeline add following snippet

Jenkinsfile (Declarative Pipeline)
pipeline {
    agent none
    stages {
        stage('JS vulnerability check') {
            agent {
                docker 'gruebel/retirejs:latest'
                args '--entrypoint ""'
            }
            steps {
                sh 'retire'
            }
        }
    }
}

Development

Npm package version check

To check for any outdated npm packages run following command

$ docker run --rm -it --entrypoint='' gruebel/retirejs:latest npm outdated -g

About

Retire.js Docker image for scanning JavaScript libraries with known vulnerabilities

Resources

Readme
Activity

Stars

3 stars

Watchers

0 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Dockerfile 59.5%
  • Shell 40.5%