Exception for npm audit step in Frontend pipeline not supported
Dependency vulnerabilities detected during the npm audit step can cause Frontend pipeline failures in AEM Cloud Manager. To fix this issue, review the reported vulnerabilities, update or replace the affected dependencies, and rerun the pipeline.
Note: Exceptions to bypass the npm audit step are not supported.
Description description
Environment
Adobe Experience Manager (AEM) Cloud Manager (all versions)
Issue/Symptoms
When running the Frontend tier pipeline in AEM Cloud Manager, the build process fails at the npm audit step if vulnerabilities are detected in project dependencies. You might request an exception to bypass this step for all environments in a given program, but the pipeline does not support such exemptions.
Typical error output:
> npm audit
found X vulnerabilities (Y low, Z moderate, W high, V critical)
Some issues need review, and may require choosing
Run `npm audit fix` to address issues.
Pipeline failed due to unresolved vulnerabilities.
- The issue is reproducible by triggering the Frontend pipeline with unresolved dependency vulnerabilities.
- All environments in the program are affected.
Cause
The AEM Cloud Manager pipeline is designed to enforce security best practices by requiring all npm dependency vulnerabilities to be addressed. Exceptions to the npm audit step are not supported in the current pipeline design.
Resolution resolution
To fix the issue:
-
Review the vulnerabilities reported by the
npm auditstep in the pipeline build step logs. -
Update project dependencies to remediate the reported vulnerabilities:
- Run
npm audit fixlocally to automatically resolve fixable issues. - For remaining vulnerabilities, manually update or replace affected packages as needed.
- Run
-
Commit and push the updated dependencies to the repository.
-
Re-run the Frontend pipeline in Cloud Manager to verify that the build passes the
npm auditstep.