Skip to content

Merge branch 'main' into dependabot/github_actions/actions/upload-art… #204

Merge branch 'main' into dependabot/github_actions/actions/upload-art…

Merge branch 'main' into dependabot/github_actions/actions/upload-art… #204

Workflow file for this run

name: CVE Scanning
on:
push:
workflow_dispatch:
jobs:
dotnet-modules-scan:
name: dotnet-scan
runs-on: ubuntu-latest
continue-on-error: false
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Build project with dotnet
run: dotnet build --configuration Release
working-directory: 'src'
- name: List vulnerable libraries
run: dotnet list package --vulnerable --include-transitive
working-directory: 'src'
- name: Depcheck
uses: dependency-check/Dependency-Check_Action@3102a65fd5f36d0000297576acc56a475b0de98d
id: Depcheck
with:
project: '.'
path: '.'
format: 'HTML'
out: 'reports'
args: >
--suppression .cve/allow-list.xml
--failOnCVSS 7
--enableRetired
- name: Upload Test results
if: ${{ always() }}
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: Depcheck report
path: ${{ github.workspace }}/reports