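# .github/workflows/monthly-vulnerability-scan.yml
#
# Scheduled NuGet dependency audit. Restores the solution and asks the .NET
# SDK which referenced packages have known advisories, failing the run when
# any are reported so the result is visible without reading the log.
name: Monthly Vulnerability Scan

on:
  schedule:
    - cron: "0 0 1 * *" # Runs at 00:00 UTC on the 1st day of every month
  workflow_dispatch: # Allows manual triggering

# Least privilege: the job only reads the repository, so the default
# GITHUB_TOKEN scopes are narrowed to read-only contents.
permissions:
  contents: read

jobs:
  scan-vulnerabilities:
    name: Scan for .NET Package Vulnerabilities
    runs-on: ubuntu-latest

    steps:
      # NOTE(review): version tags such as @v4 are mutable. Pinning each
      # action to a full commit SHA removes the risk of a retargeted tag.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # The scan never pushes, so the token is not left in .git/config.
          persist-credentials: false

      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: "8.0.x" # Match latest LTS or adjust as needed

      - name: Restore dependencies
        run: dotnet restore

      - name: List vulnerable packages
        # `dotnet list package --vulnerable` has historically exited 0 even
        # when advisories are reported, so the report is captured and checked
        # explicitly. --include-transitive extends the audit to indirect
        # dependencies, which the default top-level listing omits.
        # NOTE(review): the match below relies on the SDK's English output.
        run: |
          set -o pipefail
          dotnet list package --vulnerable --include-transitive 2>&1 \
            | tee vulnerability-report.txt
          if grep -q "has the following vulnerable packages" \
            vulnerability-report.txt; then
            echo "::error::Vulnerable NuGet packages detected; see the report above."
            exit 1
          fi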