Skip to content

Bump actions/upload-artifact from 4.4.0 to 4.4.3 #199

Bump actions/upload-artifact from 4.4.0 to 4.4.3

Bump actions/upload-artifact from 4.4.0 to 4.4.3 #199

Workflow file for this run

name: CVE Scanning
on:
push:
workflow_dispatch:
jobs:
dotnet-modules-scan:
name: dotnet-scan
runs-on: ubuntu-latest
continue-on-error: false
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Build project with dotnet
run: dotnet build --configuration Release
working-directory: 'src'
- name: List vulnerable libraries
run: dotnet list package --vulnerable --include-transitive
working-directory: 'src'
- name: Depcheck
uses: dependency-check/Dependency-Check_Action@3102a65fd5f36d0000297576acc56a475b0de98d
id: Depcheck
with:
project: '.'
path: '.'
format: 'HTML'
out: 'reports'
args: >
--suppression .cve/allow-list.xml
--failOnCVSS 7
--enableRetired
- name: Upload Test results
if: ${{ always() }}
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: Depcheck report
path: ${{ github.workspace }}/reports