How to check on your CI/CD pipeline if your application has a NuGet package with a security vulnerability

This repository contains a couple of examples about how you can check on your CI/CD pipeline if your application has a NuGet package with a security vulnerability.

To check if a NuGet package contains a security vulnerability we're using the dotnet list package –vulnerable command, this command uses the Github Adivsory Database to identify vulnerabilities in nuget packages.

You can check the azure-pipelines.yml file to view an example of how to use the dotnet list package –vulnerable command inside an Azure CI/CD Pipeline.

Also, you can check the .github/workflows/dotnet.yml file to view an example of how to use the dotnet list package –vulnerable command inside a GitHub Action.

Name		Name	Last commit message	Last commit date
Latest commit History 14 Commits
.github/workflows		.github/workflows
src		src
test		test
.dockerignore		.dockerignore
.gitignore		.gitignore
Dockerfile		Dockerfile
Packages.props		Packages.props
README.md		README.md
VulnerableApp.sln		VulnerableApp.sln
azure-pipelines.yml		azure-pipelines.yml
nuget.config		nuget.config

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

How to check on your CI/CD pipeline if your application has a NuGet package with a security vulnerability

About

Languages

karlospn/check-nuget-packages-for-security-vulnerabilities

Folders and files

Latest commit

History

Repository files navigation

How to check on your CI/CD pipeline if your application has a NuGet package with a security vulnerability

About

Topics

Resources

Stars

Watchers

Forks

Languages