Enhance code analysis workflow by adding workspace sanity checks and refining OSV-Scanner commands to ensure proper execution with package-lock.json, improving overall reliability of the analysis process.

.gitea/workflows/code-analysis.yml

@@ -12,6 +12,14 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Workspace sanity check
+        run: |
+          echo "PWD: $(pwd)"
+          echo "LS:"
+          ls -la
+          echo "Lockfiles:"
+          ls -la package-lock.json || true
+
       - name: Node versions
         run: |
           node -v
@@ -65,10 +73,12 @@ jobs:
         run: semgrep --config p/default --error .
 
       - name: npm audit (high+)
-        run: npm audit --audit-level=high || true
+        run: npm audit --audit-level=high
 
       - name: OSV-Scanner (SCA)
         run: |
           curl -L -o osv-scanner https://github.com/google/osv-scanner/releases/latest/download/osv-scanner_linux_amd64
           chmod +x osv-scanner
-          ./osv-scanner --lockfile package-lock.json
+          ./osv-scanner --version
+          test -f ./package-lock.json
+          ./osv-scanner --lockfile ./package-lock.json