-
Notifications
You must be signed in to change notification settings - Fork 0
46 lines (32 loc) · 1.06 KB
/
nuget-vulnerabilites.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
name: 'NuGet vulnerabilites'
on:
workflow_dispatch: # To can dispatch manually
# Schedule to run every week on Sunday at 00:00 UTC
schedule:
- cron: '0 0 * * 0'
pull_request:
types: [opened, reopened, edited, synchronize]
branches:
- main
env:
SDK_VERSION: '6.0.420'
jobs:
sonar-scanner:
name: "NuGet vulnerabilites"
runs-on: ubuntu-latest
steps:
- name: "Checkout"
uses: actions/checkout@v4
- name: "Setup .NET"
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.SDK_VERSION }}
- name: "Restore dependencies"
run: dotnet restore
- name: "Build"
run: dotnet build --configuration Release --no-restore
- name: "Checking NuGet vulnerabilites"
run: |
dotnet list package --vulnerable --include-transitive 2>&1 | tee build.log
echo "Analyze dotnet list package command log output..."
grep -q -i "\bcritical\b\|\bhigh\b\|\bmoderate\b\|\blow\b" build.log && { echo "Security Vulnerabilities found on the log output"; exit 1; } || exit 0