Update snyk job to handle npm deps (weaveworks#210)

* Update snyk job to handle npm deps

* Add NPM audit step to test

.github/workflows/docker_scan.yaml

@@ -50,6 +50,8 @@ jobs:
         uses: actions/checkout@v2
       - name: Fake Install flux
         run: mkdir -p pkg/flux/bin && touch pkg/flux/bin/flux
+      - name: Remove UI deps from Scan
+        run: rm package-lock.json && rm package.json && make cmd/ui/dist/index.html
       - name: Run Snyk to check for vulnerabilities
         uses: snyk/actions/golang@master
         env:
@@ -96,13 +98,13 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: weaveworks/wego-controller:${{ github.sha }}
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
-          output: 'trivy-results.sarif'
+          format: "template"
+          template: "@/contrib/sarif.tpl"
+          output: "trivy-results.sarif"
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v1
         with:
-          sarif_file: 'trivy-results.sarif'
+          sarif_file: "trivy-results.sarif"
 
   codeql:
     name: CodeQL

.github/workflows/test.yml

@@ -78,6 +78,8 @@ jobs:
       uses: actions/checkout@v2
     - name: Install UI Deps
       run: npm ci
+    - name: NPM Audit
+      run: npm audit
     - name: Build UI Assets
       run: make cmd/ui/dist/main.js
     - name: Fake Install flux