APPLICATION DEPENDENCIES

| FIELD | DESCRIPTION | TYPE | DEFAULT VALUE(S) | ALLOWED VALUE(S) |
| --- | --- | --- | --- | --- |
| enabled | Whether this part of the policy is enabled | Boolean | true | true, false |
| _compensatingControl | Whether some other tool or process is in place to handle this | Boolean | false | true, false |
| auditOptions | Which tools are available to conduct the dependency audit | String Array | ["npm audit", "snyk"] | "npm audit", "snyk"* |
| autoFix | Whether you want any of the tools defined in auditOptions to fix any vulnerabilities found** | Boolean | false | true, false |
| pathToReport | Where you want the results of the audit to be recorded | String | "/var/log/npm-audits/" | |

* Requires an account, which you can create on snyk.io.

** Setting this value to true may introduce breaking changes to your dependencies. We recommend that you review each recommended fix before accepting it.
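
The following is an added example, not code from the policy project itself: a check of this policy section against the table, which applies the documented defaults and reports type errors, unknown fields and disallowed audit tools. The function name `checkDependencyPolicy`, its return shape and the sample input are assumptions, and the tool name is taken to be spelled "snyk" as in the default value.

```javascript
// Added example. Field names, types, defaults and allowed values come from
// the table above; checkDependencyPolicy and its return shape are assumptions.
const SCHEMA = {
  enabled:              { type: "boolean", def: true },
  _compensatingControl: { type: "boolean", def: false },
  auditOptions:         { type: "array", def: ["npm audit", "snyk"],
                          allowed: ["npm audit", "snyk"] },
  autoFix:              { type: "boolean", def: false },
  pathToReport:         { type: "string", def: "/var/log/npm-audits/" },
};
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function checkDependencyPolicy(section = {}) {
  const errors = [], warnings = [], resolved = {};
  // Reject misspelled or unsupported keys instead of silently ignoring them.
  for (const key of Object.keys(section)) {
    if (!has(SCHEMA, key)) errors.push(`unknown field: ${key}`);
  }
  for (const [key, rule] of Object.entries(SCHEMA)) {
    // A missing field falls back to the documented default.
    const value = has(section, key) ? section[key] : rule.def;
    resolved[key] = value;
    if (rule.type === "array") {
      if (!Array.isArray(value)) { errors.push(`${key} must be an array`); continue; }
      for (const item of value) {
        if (!rule.allowed.includes(item)) errors.push(`${key}: "${item}" is not allowed`);
      }
    } else if (typeof value !== rule.type) {
      errors.push(`${key} must be a ${rule.type}`);
    }
  }
  if (errors.length === 0) {
    // Both warnings restate the table's footnotes.
    if (resolved.auditOptions.includes("snyk")) warnings.push("snyk requires an account on snyk.io");
    if (resolved.autoFix) warnings.push("autoFix may introduce breaking changes; review each fix");
  }
  return { resolved, errors, warnings };
}

// Constructed sample input: a misspelled tool name and a string where a Boolean is expected.
const sample = { auditOptions: ["npm audit", "synk"], autoFix: "true" };
console.log(checkDependencyPolicy(sample).errors);
```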