The dotnet CLI added a new command to check for vulnerable NuGet packages:
dotnet list package --vulnerable --include-transitive >/artifacts/vulnerabilities.txt
We could use this to create a record of vulnerabilities and add them to the build artefacts:
Task("Vulnerabilities")
    .Description("Checks NuGet packages for security vulnerabilities and outputs them to the artefacts directory.")
    .Does(() =>
    {
        // Write the report next to the other build artefacts.
        var vulnerabilitiesFilePath = artefactsDirectory + new FilePath("Vulnerabilities.txt");

        // Run `dotnet list package --vulnerable --include-transitive` and capture its standard output.
        StartProcess(
            "dotnet",
            new ProcessSettings()
                .WithArguments(x => x.Append("list").Append("package").Append("--vulnerable").Append("--include-transitive"))
                .SetRedirectStandardOutput(true),
            out var output);

        // Cake's FilePath does not convert implicitly to string, so pass FullPath to System.IO.
        System.IO.File.WriteAllLines(vulnerabilitiesFilePath.FullPath, output);
    });
I'm not certain it's that useful, since if you use GitHub, there is a Security tab that already does all that for you. Dependabot even submits PRs to upgrade packages and fix them.
cc @VictorioBerra
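The post only saves the report as an artefact. A CI pipeline usually also wants to fail the build when the report contains anything serious, which the command itself does not do (its exit status does not reflect findings). The script below is an added example, not code from the post or from Cake: it parses the tabular output of `dotnet list package --vulnerable --include-transitive` and returns a non-zero status when any finding is at or above a severity threshold. The embedded report is constructed to follow the command's layout; the project names, package names, versions and GHSA advisory URLs in it are placeholders, not real findings.

```shell
#!/bin/sh
# Added example (not from the original post): gate a build on the report written by
#   dotnet list package --vulnerable --include-transitive
# The report below is CONSTRUCTED to match the command's layout; package names,
# versions and advisory URLs are placeholders.
SAMPLE_REPORT='The following sources were used:
   https://api.nuget.org/v3/index.json

Project `Example.Api` has the following vulnerable packages
   [net8.0]:
   Top-level Package      Requested   Resolved   Severity   Advisory URL
   > Example.Transport    1.2.0       1.2.0      High       https://github.com/advisories/GHSA-xxxx-xxxx-xxxx

   Transitive Package     Resolved   Severity   Advisory URL
   > Example.Parser       4.0.1      Moderate   https://github.com/advisories/GHSA-yyyy-yyyy-yyyy

Project `Example.Tests` has no vulnerable packages given the current sources.'

# Print one "package|resolved|severity|url" line per finding read from stdin.
# Finding rows start with ">". The top-level table has a Requested column that
# the transitive table lacks, so columns are addressed from the end of the row.
parse_findings() {
    awk '$1 == ">" {
        n = NF
        printf "%s|%s|%s|%s\n", $2, $(n-2), $(n-1), $n
    }'
}

# Number of findings in a report read from stdin.
count_findings() {
    parse_findings | wc -l | tr -d ' '
}

# Number of findings at or above a minimum severity (Low, Moderate, High, Critical).
count_at_least() {
    min="$1"
    parse_findings | awk -F'|' -v min="$min" '
        BEGIN { rank["Low"] = 1; rank["Moderate"] = 2; rank["High"] = 3; rank["Critical"] = 4 }
        rank[$3] >= rank[min] { c++ }
        END { print c + 0 }'
}

# Exit 0 when no finding meets the threshold, 1 otherwise: usable directly as a CI step.
gate() {
    threshold="${1:-High}"
    report="$(cat)"
    total=$(printf '%s\n' "$report" | count_findings)
    severe=$(printf '%s\n' "$report" | count_at_least "$threshold")
    printf 'findings: %s, at or above %s: %s\n' "$total" "$threshold" "$severe"
    [ "$severe" -eq 0 ]
}

# In CI, feed the real report saved by the post's command instead of the sample:
#   dotnet list package --vulnerable --include-transitive > artifacts/vulnerabilities.txt
#   gate High < artifacts/vulnerabilities.txt
printf '%s\n' "$SAMPLE_REPORT" | gate High || echo "build should fail: severe vulnerabilities found"
```

The threshold is deliberately a parameter: teams typically fail on High and Critical while only reporting Moderate and Low, and the same script serves both policies. Because the parser keys on the `>` row marker and counts columns from the right, it handles both the top-level and the transitive tables without hard-coding column positions.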