Snyk.io Component
This is a run-jst component that detects vulnerable dependencies by submitting package.json to the Snyk.io backend.
Prerequisites
- Ensure Node.js >=v6.x is installed (we recommend using nvm: https://github.com/creationix/nvm#installation)
- Install "run-jst"
- Profit?!
Installation
npm install -g run-jst-snyk
Configuration
.jst.yml configuration:
$:
  preprocess:
    '$.snyk.token': 'eval'
  snyk:
    token: 'process.env.JST_SNYK_API_TOKEN'  # Snyk.io API token
    # actionable: true                        # Show actionable items
    # dev: false                              # Analyze 'devDependencies'
.travis.yml configuration:
script: 'jst run unit -c run-jst-snyk'
before_install:
  # other before_install scripts...
  - 'npm install -g run-jst-snyk'
Add the Snyk.io API Token to .travis.yml:
jst travis encrypt -x 'JST_SNYK_API_TOKEN=1234'
If you are using Travis Pro, read this guide to properly encrypt the environment variable.
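A check for the configuration above, added here as an example and not part of run-jst-snyk: it fails when `.jst.yml` carries a literal token instead of a `process.env.*` reference paired with the `eval` preprocess entry. The function name and exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not run-jst-snyk code): make sure the Snyk token in .jst.yml
# is an environment reference resolved at run time, never a committed secret.

# check_jst_snyk_token FILE
#   0  token is a process.env.* reference and '$.snyk.token' is set to 'eval'
#   1  a literal token was found, or the eval preprocess entry is missing
#   2  file unreadable or no "token:" key present
check_jst_snyk_token() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # Simplification: take the first uncommented "token:" line in the file,
    # then strip the key, any trailing comment, whitespace and quotes.
    value=$(sed -n "s/^[[:space:]]*token:[[:space:]]*//p" "$file" \
        | head -n 1 \
        | sed -e "s/#.*\$//" -e "s/[[:space:]]*\$//" \
              -e "s/^['\"]//" -e "s/['\"]\$//")
    [ -n "$value" ] || { echo "no token key in $file" >&2; return 2; }

    # Anything that is not a process.env.<NAME> reference is treated as a
    # literal credential sitting in version control.
    case $value in
        process.env.[A-Za-z_]*) ;;
        *) echo "literal token in $file; use process.env.<NAME>" >&2
           return 1 ;;
    esac

    # The page's config pairs the reference with an 'eval' preprocess entry;
    # require that pairing on an uncommented line.
    if ! grep -v '^[[:space:]]*#' "$file" \
        | grep -F '$.snyk.token' | grep -q 'eval'; then
        echo "'\$.snyk.token' has no eval preprocess entry in $file" >&2
        return 1
    fi
    return 0
}
```

Call `check_jst_snyk_token .jst.yml` from a pre-commit hook or an early CI step so a pasted token is caught before it reaches the repository.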
Usage
JST_SNYK_API_TOKEN=1234 jst run unit -c run-jst-snyk