Skip to content

Commit 68a10ca

Browse files
Copilotaviadhahami
Copilot
and
aviadhahami
committed
Remove unnecessary Node.js setup and npm ci from vulnerability scan
Grype parses package-lock.json directly via Syft's javascript-lock-cataloger. No need to install node_modules for vulnerability scanning. Co-authored-by: aviadhahami <7353632+aviadhahami@users.noreply.github.com> Agent-Logs-Url: https://github.com/nodevault/node-vault/sessions/7ce325a9-9cf4-4429-bd29-0e641afd7023
1 parent 279c09c commit 68a10ca

File tree

1 file changed

+0
-8
lines changed

1 file changed

+0
-8
lines changed

.github/workflows/vulnerability-scan.yaml

Lines changed: 0 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -18,14 +18,6 @@ jobs:
1818
- name: Checkout code
1919
uses: actions/checkout@v4
2020

21-
- name: Set up Node.js
22-
uses: actions/setup-node@v4
23-
with:
24-
node-version: 18
25-
26-
- name: Install dependencies
27-
run: npm ci
28-
2921
- name: Scan for vulnerabilities
3022
uses: anchore/scan-action@v7
3123
id: scan

0 commit comments

Comments
 (0)