This action will check for vulnerable NuGet packages in one or more projects/solutions. If vulnerable packages are found, they will be listed and the build will fail.
The code is based on this excellent blog post by Steven Giesel. Development of the action is sponsored by elmah.io.
A newline-separated list of project or solution files to operate on. If not specified, the command will search the current directory for one.
Check all projects and solutions for vulnerable NuGet packages:
- name: Check vulnerable NuGet packages
uses: elmahio/github-check-vulnerable-nuget-packages-action@v2Check a specific project for vulnerable NuGet packages:
- name: Check vulnerable NuGet packages
uses: elmahio/github-check-vulnerable-nuget-packages-action@v2
with:
projects: |
src/HelloWorld.csproj