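name: List vulnerable packages

on:
  workflow_dispatch:
  schedule:
    - cron: "0 0 * * *" # once a day
  pull_request:

# Least privilege: nothing in this workflow writes to the repository or to PRs,
# so a read-only GITHUB_TOKEN is sufficient. Without this block the token falls
# back to the repository's default permission set.
permissions:
  contents: read

jobs:
  list-vulnerable-packages:
    name: List vulnerable packages
    # Pin macos to get the version of XCode that we need: https://github.com/actions/runner-images/issues/10703
    runs-on: macos-15
    steps:
      # Action pinned to a full commit SHA (not a mutable tag) so a compromised
      # upstream tag cannot change what runs here.
      - name: Checkout
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive

      # NOTE(review): the composite action below is not visible here; confirm it
      # needs no token scopes beyond contents: read before relying on the
      # permissions block above.
      - name: Setup Environment
        uses: ./.github/actions/environment

      # We only need to restore to check for vulnerable packages
      - name: Restore .NET Dependencies
        run: dotnet restore Sentry.sln --nologo

      # The dotnet package list command doesn't change its exit code on detection, so tee to a file and scan it
      # See https://github.com/NuGet/Home/issues/11315#issuecomment-1243055173
      # The grep that would fail the job on a match is currently disabled (see the
      # issue linked inside the script), so this step is report-only: a finding
      # shows up in the log / vulnerable.txt but does not fail the workflow.
      - name: List vulnerable packages
        shell: bash
        run: |
          dotnet package list --project Sentry.sln --vulnerable --include-transitive --no-restore | tee vulnerable.txt
          # https://github.com/getsentry/sentry-dotnet/issues/2814
          # ! grep 'has the following vulnerable packages' vulnerable.txt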