#53 Improve scanning for upstream CVEs

test-and-deploy.yml

@@ -695,6 +695,12 @@ Debug:
     - git remote add origin git@${CI_SERVER_HOST}:$CI_PROJECT_PATH.git
     - composer update --no-interaction --no-progress --no-dev
     - rm /tmp/test.log >/dev/null 2>&1 || true
+    - composer audit --no-dev --locked --format=plain >/tmp/test.log 2>&1 || true
+    - cat /tmp/test.log
+    - EC=0
+    - grep "No security vulnerability advisories found" /tmp/test.log || EC=$?
+    - if [[ $EC -ne 0 ]]; then glab issue create --title "Security vulnerability advisories found" --description "$(cat /tmp/test.log)"; exit 1; fi
+    - rm /tmp/test.log >/dev/null 2>&1 || true
     - git status >/tmp/test.log 2>&1
     - EC=0
     - grep "nothing to commit, working tree clean" /tmp/test.log || EC=$?