To keep known vulnerabilities from creeping into the codebase through its node modules, one approach is a Jenkins job that checks the installed packages on a daily basis against a continuously updated database of known vulnerabilities.
One such database is provided by the Node Security community and can be easily integrated using the Node Security Platform (nsp) node package.
Create a new Pipeline-type job with the following implementation (only the required parts are shown; you may need to add some more pieces to fit it into your setup). Two names in the script refer to Jenkins workspace folders:
- root-of-project-must-have-node-modules-folder – the workspace folder of a pre-existing job that holds a cloned repository together with its installed node_modules folder
- Packages Vulnerability Checker – the name of this job; its workspace folder, next to the one above, is created the first time the job runs
```groovy
#!groovy
pipeline {
    agent any   // a declarative pipeline needs an agent section to run at all
    stages {
        stage("Check for vulnerability") {
            steps {
                script {
                    def vulStatus
                    // Check dashboard node modules. nsp exits non-zero when it finds
                    // something, which would fail this sh step before the Slack alert
                    // below ever runs; piping through tee keeps the step alive (the
                    // step's status is tee's) while still echoing the report into the
                    // build log, so a single nsp run replaces the earlier two.
                    sh '''
                        cd ../root-of-project-must-have-node-modules-folder
                        nsp check | tee "../Packages Vulnerability Checker/test-results.txt"
                    '''
                    // The report was written into this job's own workspace.
                    vulStatus = readFile('test-results.txt').trim()
                    // Anything other than nsp's exact "clean" line (findings, an empty
                    // report because nsp crashed, ...) is treated as a reason to alert.
                    if (vulStatus != "(+) No known vulnerabilities found") {
                        slackSend(
                            color: '#F01717',
                            message: "@channel $JOB_NAME: <$BUILD_URL|Build #$BUILD_NUMBER> vulnerabilities found in Dashboard node modules. Check build logs."
                        )
                    }
                    // additional folders to check...
                }
            }
        }
    }
}
```
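The "additional folders to check..." comment above is the point where this grows. Here is an added shell helper (not part of the original post) that runs the same nsp check over any number of project folders from one `sh` step, writes one report per folder, and treats a non-zero nsp exit, an nsp crash or an empty report as something to alert on. It assumes `nsp` is on PATH (override with `NSP_BIN`) and that each folder passed in already has its node_modules installed, as the job above requires.

```shell
#!/bin/sh
# Added example: check several project folders with nsp from one shell step.
# Assumptions: `nsp` is on PATH (override with NSP_BIN), and every folder passed
# in already has its node_modules installed, as the Jenkins job requires.
NSP_BIN="${NSP_BIN:-nsp}"
CLEAN_MARKER="(+) No known vulnerabilities found"   # nsp's exact "clean" line

# check_project <project-dir> <report-file>
# Runs `nsp check` inside the project and writes stdout+stderr to the report.
# Returns 0 only when nsp exited 0 AND printed the clean marker on its own line;
# anything else (findings, nsp crash, missing folder, empty output) returns 1.
check_project() {
    dir="$1"
    out="$2"
    # Subshell keeps the cd from leaking; nsp exits non-zero on findings.
    if ( cd "$dir" && "$NSP_BIN" check ) > "$out" 2>&1 \
       && grep -qxF "$CLEAN_MARKER" "$out"; then
        return 0
    fi
    return 1
}

# check_all <report-dir> <project-dir>...
# Checks every folder; the exit status is the number of folders needing attention,
# so the Jenkins sh step can use returnStatus: true and alert when it is not 0.
check_all() {
    report_dir="$1"
    shift
    failed=0
    mkdir -p "$report_dir"
    for project in "$@"; do
        report="$report_dir/$(basename "$project").txt"
        if check_project "$project" "$report"; then
            echo "[clean] $project"
        else
            echo "[ALERT] $project - see $report"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}
```

From the pipeline, call it as `def bad = sh(returnStatus: true, script: '. ./check.sh && check_all reports ../proj-a ../proj-b')` and send the Slack message when `bad != 0`; the per-folder reports land in the job workspace for the build log link.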