
https://github.com/egorsmkv/npm-audit-to-report

A simple Go program that converts `security-audit.json` to `security-audit.md` so you can use it in a CI pipeline.

Topics: ci, cve, go, npm, security, yarn


# npm-audit-to-report

[![build](https://github.com/egorsmkv/npm-audit-to-report/actions/workflows/build.yml/badge.svg)](https://github.com/egorsmkv/npm-audit-to-report/actions/workflows/build.yml)
[![lint](https://github.com/egorsmkv/npm-audit-to-report/actions/workflows/lint.yml/badge.svg)](https://github.com/egorsmkv/npm-audit-to-report/actions/workflows/lint.yml)

A simple Go program that converts `security-audit.json` to `security-audit.md` so you can use it in a CI pipeline.

## Demo

Here is an example of a report generated by the program:

(screenshot of an example report)

You can check [dependency-audit.yml](https://github.com/egorsmkv/npm-audit-to-report/blob/main/dependency-audit.yml) to see what the CI integration looks like. This version of the pipeline will create a GitHub issue even if your dependencies do not have vulnerabilities. If you do not want this behaviour, check [dependency-audit-only-when-detected.yml](https://github.com/egorsmkv/npm-audit-to-report/blob/main/dependency-audit-only-when-detected.yml) instead.

## Install

```bash
go install github.com/egorsmkv/npm-audit-to-report@latest
```

## Usage

```
npm-audit-to-report [FLAGS]

Flags:
      --version                         Displays the program version string.
  -h, --help                            Displays help with available flag, subcommand, and positional value parameters.
  -i, --audit-file                      Path to the audit file (default: security-audit.json)
  -o, --output-file                     Path to the output file (default: security-audit.md)
  -f, --fail-if-no-vulnerabilities      Fail if no vulnerabilities found
```
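The conversion described above, as an added example that is not the project's own code: a self-contained Go program that reads the audit JSON shape `npm audit --json` emits on npm 7 and later (`auditReportVersion` 2), renders a Markdown table, and reproduces the `-f` semantics as an exit status. The embedded sample report is constructed, with made-up package names, advisory title and URL; `ParseReport`, `ToMarkdown`, `ExitCode` and the column layout are this example's own choices, not the tool's.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"sort"
	"strings"
)

// Constructed sample in the shape of npm's audit JSON (auditReportVersion 2, npm 7+); names and URL are made up.
const sampleAudit = `{"auditReportVersion": 2, "vulnerabilities": {
  "example-parser": {"severity": "high", "range": "<2.0.0", "fixAvailable": {"name": "example-parser", "version": "2.0.0", "isSemVerMajor": true},
    "via": [{"title": "Prototype pollution in example-parser", "url": "https://example.com/advisories/1", "severity": "high"}]},
  "example-cli": {"severity": "moderate", "range": "*", "via": ["example-parser"], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"high": 1, "moderate": 1, "total": 2}}}`

// Vulnerability is one entry of the top-level "vulnerabilities" map. "via" mixes advisory objects with plain
// strings (the dependency the issue is inherited through) and "fixAvailable" is a bool or an object, so both stay raw.
type Vulnerability struct {
	Severity     string            `json:"severity"`
	Range        string            `json:"range"`
	Via          []json.RawMessage `json:"via"`
	FixAvailable json.RawMessage   `json:"fixAvailable"`
}

type AuditReport struct{ Vulnerabilities map[string]Vulnerability `json:"vulnerabilities"` }

// ParseReport rejects input with no "vulnerabilities" object (the pre-npm-7 "advisories" format, or an empty file).
func ParseReport(data []byte) (*AuditReport, error) {
	var r AuditReport
	if err := json.Unmarshal(data, &r); err != nil {
		return nil, fmt.Errorf("parse audit json: %w", err)
	}
	if r.Vulnerabilities == nil {
		return nil, fmt.Errorf("not an npm 7+ audit report: no \"vulnerabilities\" object")
	}
	return &r, nil
}

var severityRank = map[string]int{"critical": 1, "high": 2, "moderate": 3, "low": 4, "info": 5} // unknown -> 0, sorts first
// cell escapes characters that would break a table row: a title containing "|" would add columns.
func cell(s string) string { return strings.NewReplacer("|", "\\|", "\n", " ").Replace(s) }
// fixText decodes "fixAvailable", which npm emits either as a bool or as {name, version, isSemVerMajor}.
func fixText(raw json.RawMessage) string {
	var fix struct{ Name, Version string; IsSemVerMajor bool }
	if json.Unmarshal(raw, &fix) == nil && fix.Name != "" {
		return fmt.Sprintf("%s@%s (semver-major: %t)", fix.Name, fix.Version, fix.IsSemVerMajor)
	}
	return string(raw) // "true" or "false"; empty when the field is absent
}

// ToMarkdown renders one table row per vulnerable package, most severe first, then by name.
func ToMarkdown(r *AuditReport) string {
	if len(r.Vulnerabilities) == 0 {
		return "# Security audit\n\nNo vulnerabilities found.\n"
	}
	names := make([]string, 0, len(r.Vulnerabilities))
	for n := range r.Vulnerabilities {
		names = append(names, n)
	}
	sort.Slice(names, func(i, j int) bool {
		ri, rj := severityRank[r.Vulnerabilities[names[i]].Severity], severityRank[r.Vulnerabilities[names[j]].Severity]
		return ri < rj || (ri == rj && names[i] < names[j])
	})
	var sb strings.Builder
	sb.WriteString("# Security audit\n\n| Package | Severity | Range | Advisory | Fix |\n|---|---|---|---|---|\n")
	for _, n := range names {
		v := r.Vulnerabilities[n]
		var via []string
		for _, raw := range v.Via {
			var a struct{ Title, URL string }
			if json.Unmarshal(raw, &a) == nil && a.Title != "" {
				via = append(via, fmt.Sprintf("[%s](%s)", cell(a.Title), a.URL))
			} else if dep := ""; json.Unmarshal(raw, &dep) == nil { // plain string: inherited through this dependency
				via = append(via, "via "+cell(dep))
			}
		}
		fmt.Fprintf(&sb, "| %s | %s | %s | %s | %s |\n",
			cell(n), v.Severity, cell(v.Range), strings.Join(via, "<br>"), cell(fixText(v.FixAvailable)))
	}
	return sb.String()
}

// ExitCode mirrors the README's -f/--fail-if-no-vulnerabilities flag: non-zero only for a clean report.
func ExitCode(r *AuditReport, failIfNone bool) int {
	if failIfNone && len(r.Vulnerabilities) == 0 {
		return 1
	}
	return 0
}

func main() { // converts the constructed sample; pass -f to mirror the README flag
	r, err := ParseReport([]byte(sampleAudit))
	if err != nil {
		panic(err) // exit status 2, distinct from the -f status 1
	}
	fmt.Print(ToMarkdown(r))
	os.Exit(ExitCode(r, len(os.Args) > 1 && os.Args[1] == "-f"))
}
```

To run it against a real report, replace `[]byte(sampleAudit)` in `main` with the result of `os.ReadFile("security-audit.json")`. Two things to check when wiring this, or the real tool, into a pipeline: `npm audit --json` exits non-zero whenever it finds vulnerabilities, so the step that writes `security-audit.json` needs `|| true` (or `continue-on-error` in GitHub Actions) or the job stops before the report is ever converted; and because the Markdown ends up in a GitHub issue, every value copied from the audit data goes through `cell`, which escapes the pipe characters and newlines that would otherwise break the table.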