Remove unused audit-ci dependency
There is a `yarn ci` script which was using audit-ci but this does not appear to be called anywhere. The security worflow uses `yarn audit` and `npm audit` which seem fine enough anyway.
This commit is contained in:
Asher
@ -17,10 +17,8 @@ We use the following tools to help us stay on top of vulnerability mitigation.
|
||||
- Comprehensive vulnerability scanner that runs on PRs into the default
|
||||
branch and scans both our container image and repository code (see
|
||||
`trivy-scan-repo` and `trivy-scan-image` jobs in `build.yaml`)
|
||||
- [`audit-ci`](https://github.com/IBM/audit-ci)
|
||||
- Audits npm and Yarn dependencies in CI (see `Audit for vulnerabilities` step
|
||||
in `build.yaml`) on PRs into the default branch and fails CI if moderate or
|
||||
higher vulnerabilities (see the `audit.sh` script) are present.
|
||||
- `yarn audit` and `npm audit`
|
||||
- Audits Yarn/NPM dependencies.
|
||||
|
||||
## Supported Versions
|
||||
|
||||
|
||||
Reference in New Issue
Block a user