Added check for vulnerable packages to GitHub Actions

elmahio · May 3, 2024 · 196dac0 · 196dac0
1 parent 6ad7d64
commit 196dac0
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -24,6 +24,20 @@ jobs:
       run: dotnet sln serilog-sinks-elmahio.sln remove examples\Serilog.Sinks.ElmahIo.AspNet\Serilog.Sinks.ElmahIo.AspNet.csproj
     - name: Install dependencies
       run: dotnet restore
+    - name: Check for vulnerable packages
+      shell: bash
+      run: |
+        set -e # This will cause the script to exit on the first error
+        OUTPUT=$(dotnet list src/Serilog.Sinks.ElmahIo/Serilog.Sinks.ElmahIo.csproj package --vulnerable)
+        echo "$OUTPUT"
+        if echo "$OUTPUT" | grep -q 'no vulnerable packages'; then
+          echo "No vulnerable packages found"
+        else
+          if echo "$OUTPUT" | grep -q 'vulnerable'; then
+            echo "Vulnerable packages found"
+            exit 1
+          fi
+        fi
     - name: Build
       run: dotnet build --configuration Release --no-restore
     - name: Test