Add workflow to scan for vulnerable dependencies

Author: bart-vmware

.github/workflows/Steeltoe.All.yml

@@ -6,7 +6,6 @@ on:
     branches:
     - main
     - '[0-9]+.x'
-    - 'release/*'
   pull_request:
 
 concurrency:

.github/workflows/package.yml

@@ -6,7 +6,6 @@ on:
     branches:
     - main
     - '[0-9]+.x'
-    - 'release/*'
   pull_request:
   release:
     types:

.github/workflows/scan-vulnerable-dependencies.yml

@@ -0,0 +1,41 @@
+name: Scan vulnerable dependencies
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+    - main
+    - '[0-9]+.x'
+  pull_request:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+env:
+  DOTNET_CLI_TELEMETRY_OPTOUT: 1
+  DOTNET_NOLOGO: true
+  SOLUTION_FILE: 'src/Steeltoe.All.sln'
+
+jobs:
+  scan:
+    name: Scan
+    timeout-minutes: 15
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Setup .NET
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: |
+          8.0.*
+          9.0.*
+
+    - name: Git checkout
+      uses: actions/checkout@v4
+
+    - name: Report vulnerable dependencies
+      run: dotnet restore ${{ env.SOLUTION_FILE }} --verbosity minimal /p:NuGetAudit=true /p:NuGetAuditMode=all /p:NuGetAuditLevel=low /p:TreatWarningsAsErrors=True

.github/workflows/sonarcube.yml

@@ -6,7 +6,6 @@ on:
     branches:
     - main
     - '[0-9]+.x'
-    - 'release/*'
   pull_request:
     types: [opened, synchronize, reopened]
 

.github/workflows/verify-code-style.yml

@@ -6,7 +6,6 @@ on:
     branches:
     - main
     - '[0-9]+.x'
-    - 'release/*'
   pull_request:
 
 concurrency: