Fix security scan and keypair.snk

rajkumar-rangaraj · rajkumar-rangaraj · commit 04901d6e91df · 2025-07-29T04:26:33.000-07:00
diff --git a/.github/workflows/next-gen-ci.yml b/.github/workflows/next-gen-ci.yml
@@ -136,11 +136,19 @@ jobs:
 
       - name: Run security scan
         run: |
+          # Run the vulnerability scan and capture output
           dotnet list next-gen.sln package --vulnerable --include-transitive --format json > vulnerability-report.json || true
-          if [ -s vulnerability-report.json ] && [ "$(cat vulnerability-report.json)" != "{}" ]; then
-            echo "Vulnerabilities found:"
-            cat vulnerability-report.json
+          
+          echo "Generated vulnerability report:"
+          cat vulnerability-report.json
+          
+          # Check if there are actual vulnerabilities by looking for the vulnerabilities array with content
+          # The JSON structure includes "vulnerabilities": [...] only when actual vulnerabilities exist
+          if grep -q '"vulnerabilities":\s*\[[^]]\+\]' vulnerability-report.json; then
+            echo "Security vulnerabilities detected!"
             exit 1
+          else
+            echo "No security vulnerabilities found."
           fi
 
       - name: Upload vulnerability report
diff --git a/next-gen/Directory.Build.props b/next-gen/Directory.Build.props
@@ -5,7 +5,7 @@
     <IsTestProject>$(MSBuildProjectName.Contains('.Test'))</IsTestProject>
 
     <SignAssembly>true</SignAssembly>
-    <AssemblyOriginatorKeyFile>$(RepoRoot)\KeyPair.snk</AssemblyOriginatorKeyFile>
+    <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)keyPair.snk</AssemblyOriginatorKeyFile>
 
     <Authors>OpenTelemetry Authors</Authors>
     <Copyright>Copyright © $([System.DateTime]::Now.ToString(yyyy))</Copyright>
