Automated Control Technique for Vulnerabilities in Node.js Dependency Modules: Utilizing GitHub Actions and npm Audit

Vol. 35, No. 2, pp. 223-240, Apr. 2025
DOI: 10.13089/JKIISC.2025.35.2.223
Keywords: CI/CD Security Integration, GitHub Actions, npm audit, Automated Control
Abstract

The advancement of IT infrastructure has led to the development of continuous integration and continuous deployment (CI/CD) for software development. CI/CD enables rapid deployment and iteration but presents challenges in swiftly identifying and managing security vulnerabilities. This study addresses these challenges by proposing a security control technique based on Node.js and GitHub Actions. The proposed technique integrates security directly into the CI/CD pipeline, ensuring real-time vulnerability detection and mitigation for critical vulnerabilities (CRITICAL level). It minimizes unnecessary data accumulation, reduces the complexity of maintaining additional infrastructure, and simplifies the configuration and analysis processes. By achieving highly effective security control with reduced computational overhead, the study demonstrates the practical applicability and efficiency of the proposed method within modern DevSecOps environments.
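As an illustration of the kind of pipeline gate the abstract describes, the following added example (not code from the paper) decides whether a CI job should fail based on an `npm audit --json` report, blocking only on CRITICAL findings. It assumes the npm 7+ report layout (`auditReportVersion: 2`); the function names `evaluateAudit` and `exitCodeFor` are hypothetical, and the sample report with its package names is constructed.

```javascript
// Added example, not from the paper: gate a CI job on CRITICAL findings in an
// `npm audit --json` report (assumes npm 7+ layout, auditReportVersion 2).

// Constructed sample report; package names and advisory titles are made up.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": { name: "example-parser", severity: "critical", isDirect: false,
      via: [{ title: "Constructed advisory A", severity: "critical" }], fixAvailable: true },
    "example-web": { name: "example-web", severity: "critical", isDirect: true,
      via: ["example-parser"], fixAvailable: true },
    "example-logger": { name: "example-logger", severity: "moderate", isDirect: true,
      via: [{ title: "Constructed advisory B", severity: "moderate" }], fixAvailable: false },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 1, high: 0, critical: 2, total: 3 } },
};

// Returns { pass, reason, blocking }. A report without a `vulnerabilities`
// object (registry error, truncated output) fails closed instead of passing.
function evaluateAudit(report, blockLevel = "critical") {
  const vulns = report && report.vulnerabilities;
  if (typeof vulns !== "object" || vulns === null) {
    return { pass: false, reason: "unreadable audit report", blocking: [] };
  }
  const blocking = Object.values(vulns)
    .filter((v) => v.severity === blockLevel)
    .map((v) => ({
      name: v.name,
      direct: Boolean(v.isDirect),
      // String entries in `via` name the dependency the finding is inherited from.
      inheritedFrom: (v.via || []).filter((x) => typeof x === "string"),
      // Object entries in `via` are the advisories that affect this package itself.
      advisories: (v.via || []).filter((x) => typeof x === "object").map((x) => x.title),
      fixAvailable: Boolean(v.fixAvailable),
    }));
  const reason = blocking.length ? `${blocking.length} ${blockLevel} package(s)` : "ok";
  return { pass: blocking.length === 0, reason, blocking };
}

// Exit status a workflow step would return so the job stops before deployment.
function exitCodeFor(result) {
  return result.pass ? 0 : 1;
}

// Stand-alone run: print the decision for the constructed sample.
const sampleResult = evaluateAudit(SAMPLE_REPORT);
console.log(sampleResult.reason, sampleResult.blocking.map((b) => b.name));
```

In a GitHub Actions job, a step would write the audit JSON to a file, feed it to this function, and exit with `exitCodeFor(...)` so that only CRITICAL findings stop the run.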


Cite this article
[IEEE Style]
김대석 and 김태성, "Automated Control Technique for Vulnerabilities in Node.js Dependency Modules: Utilizing GitHub Actions and npm Audit," Journal of The Korea Institute of Information Security and Cryptology, vol. 35, no. 2, pp. 223-240, 2025. DOI: 10.13089/JKIISC.2025.35.2.223.

[ACM Style]
김대석 and 김태성. 2025. Automated Control Technique for Vulnerabilities in Node.js Dependency Modules: Utilizing GitHub Actions and npm Audit. Journal of The Korea Institute of Information Security and Cryptology, 35, 2, (2025), 223-240. DOI: 10.13089/JKIISC.2025.35.2.223.