Add to .github/workflows/security-scan.yml:
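# GitHub Actions workflow: run npm-scanner against the checked-out repository
# on every push and pull request.
name: Security Scan

# `on` reads as a boolean under YAML 1.1 rules; GitHub's loader accepts it, so
# the yamllint truthy rule is suppressed for this line rather than renaming it.
on: [push, pull_request]  # yamllint disable-line rule:truthy

# Least privilege for the job token: the scan only needs to read the checkout.
permissions:
  contents: read

jobs:
  npm-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install dependencies
        # Refresh the package index before installing; a bare install can fail
        # against a stale index on the runner image.
        run: sudo apt-get update && sudo apt-get install -y jq

      - name: Clone npm-scanner
        # NOTE(review): this fetches the scanner's default branch unpinned on
        # every run, so the job executes whatever that branch holds at the
        # time. Pin to a reviewed tag or commit (check out <PINNED_REF> after
        # the clone) before relying on this in CI.
        run: git clone https://github.com/virtualian/npm-scanner.git /tmp/npm-scanner

      - name: Initialize scanner
        run: /tmp/npm-scanner/npm-scanner.sh init

      - name: Scan project
        # A non-zero exit status from the scanner fails this step and the job.
        # `--yes` presumably suppresses interactive prompts — confirm against
        # the scanner's usage text.
        run: /tmp/npm-scanner/npm-scanner.sh scan --project . --yes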
Create .git/hooks/pre-commit:
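#!/bin/bash
# Git pre-commit hook: run npm-scanner when a staged change touches a
# package.json and block the commit if the scan reports issues.
#
# Git invokes hooks from the repository root, so the relative ./npm-scanner.sh
# path assumes the scanner script lives there (the CI jobs on this page clone
# it to /tmp instead — keep the two locations consistent).

# Match only a file actually named package.json (at any depth). The original
# unescaped "package.json" pattern also matched names such as package.json.bak.
if git diff --cached --name-only | grep -qE '(^|/)package\.json$'; then
  # Test the scanner's exit status directly instead of reading $? afterwards.
  if ! ./npm-scanner.sh scan --project . --yes; then
    # Report on stderr; a non-zero exit from a pre-commit hook aborts the commit.
    echo "Security scan found issues. Review before committing." >&2
    exit 1
  fi
fi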
Make it executable:
# Files under .git/hooks are not tracked by git, so the hook (and this chmod)
# must be repeated in every clone that should enforce the scan.
chmod +x .git/hooks/pre-commit
// Jenkins declarative pipeline: fail the build when npm-scanner reports
// issues and notify the security mailbox. `emailext` comes from the Email
// Extension plugin, which must be installed on the controller.
pipeline {
    agent any

    stages {
        stage('Security Scan') {
            steps {
                // Runs from the workspace root, so npm-scanner.sh must already
                // be present there (checked in or fetched by an earlier stage —
                // this snippet does not fetch it). A non-zero exit from the
                // scanner fails the stage.
                sh './npm-scanner.sh scan --project . --yes'
            }
        }
    }

    post {
        // Mail is sent only on failure; a clean scan stays silent.
        failure {
            emailext subject: 'npm-scanner: Issues Found',
                     body: 'Security scan detected potential issues.',
                     to: 'security@company.com'
        }
    }
}
Add to .gitlab-ci.yml:
# GitLab CI job: install the scanner's prerequisites, fetch npm-scanner and run
# it against the checked-out project during the test stage.
security-scan:
  stage: test
  # NOTE(review): `ubuntu:latest` is a moving tag; pin a specific release tag
  # or digest so the scan environment is reproducible.
  image: ubuntu:latest
  before_script:
    - apt-get update && apt-get install -y jq curl git unzip
    # NOTE(review): the scanner is cloned unpinned from its default branch on
    # every run — pin to a reviewed tag or commit (<PINNED_REF>) before relying
    # on this in CI.
    - git clone https://github.com/virtualian/npm-scanner.git /tmp/npm-scanner
    - /tmp/npm-scanner/npm-scanner.sh init
  script:
    # A non-zero exit from the scanner fails the job.
    - /tmp/npm-scanner/npm-scanner.sh scan --project . --yes
Use cron for regular automated scans:
# Add to crontab (runs daily at 6 AM).
# cron runs the command with a minimal PATH and no interactive environment, so
# keep the absolute path to the scanner (replace /path/to/ with the real
# install location) and make sure jq — which the CI jobs above install for the
# scanner — is reachable from cron's PATH. `~` is expanded by the shell cron
# uses, based on the HOME it sets for the job. Output is typically mailed to
# the crontab owner unless redirected to a log file.
0 6 * * * /path/to/npm-scanner/npm-scanner.sh scan --project ~/code --yes
Or use the scheduling script with email alerts:
# Same daily 06:00 schedule as the crontab line above, but driven by the
# scheduling script, which presumably installs the cron job itself and sends
# e-mail alerts to the given address — confirm against the script's usage text.
./scripts/scheduled-audit-script.sh --project ~/code --email security@company.com --cron '0 6 * * *'