Updating build to check for vulnerabilities (#9650)

Author: soninaren

azure-pipelines.yml

@@ -52,6 +52,10 @@ jobs:
     inputs:
       filePath: '$(Build.Repository.LocalPath)\build\build-extensions.ps1'
       arguments: '-buildNumber "$(buildNumber)" -suffix "$(suffix)"'
+  - task: PowerShell@2
+    displayName: "Check for security vulnerabilities"
+    inputs:
+      filePath: '$(Build.Repository.LocalPath)\build\check-vulnerabilities.ps1'
   - task: PowerShell@2
     condition: eq(variables['RUNBUILDFORINTEGRATIONTESTS'], 'True')
     displayName: "Update host references"

build/check-vulnerabilities.ps1

@@ -0,0 +1,24 @@
+$projectPath = "$PSScriptRoot\..\src\WebJobs.Script.WebHost\WebJobs.Script.WebHost.csproj"
+$logFilePath = "$PSScriptRoot\..\build.log"
+if (-not (Test-Path $projectPath))
+{
+    throw "Project path '$projectPath' does not exist."
+}
+
+$cmd = "list", $projectPath, "package", "--include-transitive", "--vulnerable"
+Write-Host "dotnet $cmd"
+dotnet $cmd | Tee-Object build.log
+
+$result = Get-content $logFilePath | select-string "has no vulnerable packages given the current sources"
+
+$logFileExists = Test-Path $logFilePath -PathType Leaf
+if ($logFileExists)
+{
+  Remove-Item $logFilePath
+}
+
+if (!$result)
+{
+  Write-Host "Vulnerabilities found" 
+  Exit 1
+}