DotNet Dependency Alert

GitHub action to scan .NET solutions and projects for vulnerable, deprecated, or outdated package references. If any such top-level or transitive package is found, a Dependency Alert issue is created in the repository. Subsequent alerts are only created if new problems arise or the package references have changed.

Usage

See action.yml for a description of all available input parameters. With the default settings, the action restores and scans the solution or project in the current directory.

```yaml
on:
  schedule:
  # Run once a day at 05:00 UTC
  - cron: '0 5 * * *'

jobs:
  Dependencies:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/checkout@v3
    - name: Check Dependencies
      uses: mawosoft/dotnet-dependency-alert@v1
```

Example of a Dependency Alert Issue

Workflow Dependency Check Run #25

New Dependency Problems (1/4)

Top-level Packages

| Package | Latest |
| --- | --- |
| BenchmarkDotNet 0.13.2 (FooLib [netstandard2.0]; FooLib.Tests [net6.0]) | 0.13.7 |

Transitive Packages

| Package | Latest | Vulnerable | Deprecated |
| --- | --- | --- | --- |
| Newtonsoft.Json 9.0.1 (BarApp.Tests [net6.0]; FooLib.Tests [net6.0]) | 13.0.3 | High | |
| System.Collections.Immutable 5.0.0 (BarApp [net48, net6.0]; BarApp.Tests [net48, net6.0]; FooLib [netstandard2.0]; FooLib.Tests [net6.0]) | 7.0.0 | | Other,Legacy |
| System.Runtime.CompilerServices.Unsafe 5.0.0 (BarApp [net48, net6.0]; BarApp.Tests [net48, net6.0]; FooLib [netstandard2.0]; FooLib.Tests [net6.0]) | 6.0.0 | | Other,Legacy |
| System.Security.AccessControl 5.0.0 (BarApp [net48]; BarApp.Tests [net48]; FooLib [netstandard2.0]) | 6.0.0 | | Other,Legacy |

All Dependency Problems (4/7)

Top-level Packages

| Package | Latest | Vulnerable | Deprecated |
| --- | --- | --- | --- |
| BenchmarkDotNet 0.13.2 (FooLib [netstandard2.0]; FooLib.Tests [net6.0]) | 0.13.7 | | |
| coverlet.collector 3.1.2 (BarApp.Tests [net48, net6.0]; FooLib.Tests [net6.0]) | 6.0.0 | | |
| Microsoft.Extensions.FileSystemGlobbing 5.0.0 (BarApp [net48]) | 7.0.0 | | Other,Legacy |
| System.Text.RegularExpressions 4.3.0 (FooLib [netstandard2.0]) | 4.3.1 | High | |

Transitive Packages

| Package | Latest | Vulnerable | Deprecated |
| --- | --- | --- | --- |
| Microsoft.Extensions.FileSystemGlobbing 5.0.0 (BarApp.Tests [net48]) | 7.0.0 | | Other,Legacy |
| Newtonsoft.Json 9.0.1 (BarApp.Tests [net6.0]; FooLib.Tests [net6.0]) | 13.0.3 | High | |
| System.Collections.Immutable 5.0.0 (BarApp [net48, net6.0]; BarApp.Tests [net48, net6.0]; FooLib [netstandard2.0]; FooLib.Tests [net6.0]) | 7.0.0 | | Other,Legacy |
| System.Net.Http 4.3.0 (BarApp.Tests [net6.0]; FooLib.Tests [net6.0]) | 4.3.4 | High | |
| System.Runtime.CompilerServices.Unsafe 5.0.0 (BarApp [net48, net6.0]; BarApp.Tests [net48, net6.0]; FooLib [netstandard2.0]; FooLib.Tests [net6.0]) | 6.0.0 | | Other,Legacy |
| System.Security.AccessControl 5.0.0 (BarApp [net48]; BarApp.Tests [net48]; FooLib [netstandard2.0]) | 6.0.0 | | Other,Legacy |
| System.Text.RegularExpressions 4.3.0 (BarApp.Tests [net6.0]; FooLib.Tests [net6.0]) | 4.3.1 | High | |
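
The "new problems versus all problems" split described in the introduction, sketched as an added example (not the action's own code): it pivots per-project findings into the per-package rows of the sample issue and keeps only rows that are new or changed since the previous run. The tuple layout, the function names and the comparison rule are assumptions; the findings are constructed from three packages of the sample issue.

```python
from collections import defaultdict

# Constructed sample taken from three packages of the sample issue above.
# Assumed layout: (project, framework, scope, package, version, latest, vulnerable, deprecated)
_NJ = ("transitive", "Newtonsoft.Json", "9.0.1", "13.0.3", "High", "")
_IMM = ("transitive", "System.Collections.Immutable", "5.0.0", "7.0.0", "", "Other,Legacy")
_FSG = ("Microsoft.Extensions.FileSystemGlobbing", "5.0.0", "7.0.0", "", "Other,Legacy")
FINDINGS = [
    ("BarApp.Tests", "net6.0", *_NJ),
    ("FooLib.Tests", "net6.0", *_NJ),
    ("BarApp", "net48", *_IMM),
    ("BarApp", "net6.0", *_IMM),
    ("BarApp.Tests", "net48", *_IMM),
    ("BarApp.Tests", "net6.0", *_IMM),
    ("FooLib", "netstandard2.0", *_IMM),
    ("FooLib.Tests", "net6.0", *_IMM),
    ("BarApp", "net48", "top-level", *_FSG),
    ("BarApp.Tests", "net48", "transitive", *_FSG),
]


def rows(findings):
    """Pivot findings into one row per (scope, package, version, state)."""
    grouped = defaultdict(lambda: defaultdict(set))
    for project, framework, *key in findings:
        grouped[tuple(key)][project].add(framework)
    # Row value: the referencing projects, formatted as in the issue.
    return {
        key: tuple(f"{p} [{', '.join(sorted(fws))}]" for p, fws in sorted(projects.items()))
        for key, projects in grouped.items()
    }


def new_rows(previous, current):
    """Rows absent from the previous run, or whose referencing projects changed."""
    return {key: refs for key, refs in current.items() if previous.get(key) != refs}


def counts(table):
    """Heading counter in the issue's style: top-level/transitive."""
    top = sum(1 for key in table if key[0] == "top-level")
    return f"{top}/{len(table) - top}"


def should_alert(previous, current):
    """Raise a new alert only when something new or changed was found."""
    return bool(new_rows(previous, current))
```

With an unchanged scan result `should_alert` returns `False`, which matches the behaviour of not repeating an alert; a version bump or a newly flagged advisory changes the row key and is reported as new.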
