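# Scheduled audit of NuGet dependencies for known vulnerabilities.
# The job fails when `dotnet list package` reports a vulnerable package,
# so a finding shows up as a red run in the Actions UI and notifications.
name: Monthly Vulnerability Scan

on:
  schedule:
    - cron: "0 0 1 * *" # 00:00 UTC on the 1st day of every month
  workflow_dispatch: # allows manual triggering from the Actions tab

# Least privilege: the job only reads the repository and never pushes,
# comments or opens issues, so GITHUB_TOKEN needs nothing beyond contents:read.
permissions:
  contents: read

jobs:
  scan-vulnerabilities:
    name: Scan for .NET Package Vulnerabilities
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): consider pinning third-party actions to a full-length
      # commit SHA instead of a mutable major tag (supply-chain hardening).
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # The token is not needed after checkout; don't leave it in .git/config.
          persist-credentials: false

      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: "8.0.x" # Match latest LTS or adjust as needed

      # `dotnet list package --vulnerable` works from the restored assets file.
      - name: Restore dependencies
        run: dotnet restore

      - name: List vulnerable packages
        run: |
          set -euo pipefail
          # --include-transitive: without it only top-level PackageReferences
          # are checked, and vulnerable transitive dependencies are missed.
          results=$(dotnet list package --vulnerable --include-transitive)
          echo "$results"
          # The SDK prints this phrase once per project with findings; fail the
          # job so the scheduled run is visibly red rather than silently green.
          if echo "$results" | grep -q "has the following vulnerable packages"; then
            echo "Vulnerabilities found!"
            exit 1
          fi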