GitHub Action

DotNet Dependency Alert

v1.1.0 Latest version

Scan .NET solutions and projects for vulnerable, deprecated, or outdated package references and create an alert.

Installation

Copy and paste the following snippet into your .yml file.

              

- name: DotNet Dependency Alert
  uses: mawosoft/dotnet-dependency-alert@v1.1.0

Learn more about this action in mawosoft/dotnet-dependency-alert

DotNet Dependency Alert

GitHub action to scan .NET solutions and projects for vulnerable, deprecated, or outdated package references. If any such top-level or transitive package is found, a Dependency Alert issue is created in the repository. Subsequent alerts are only created if new problems arise or the package references have changed.

Usage

See action.yml for a description of all available input parameters. With the default settings, the action restores and scans the solution or project in the current directory.

on:
  schedule:
  - cron: '0 5 * * *'

jobs:
  Dependencies:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/checkout@v3
    - name: Check Dependencies
      uses: mawosoft/dotnet-dependency-alert@v1

Example of a Dependency Alert Issue

Workflow Dependency Check Run #25

New Dependency Problems (1/4)

Top-level Packages

| Package | Latest |
|---|---|
| BenchmarkDotNet 0.13.2 (FooLib [netstandard2.0]; FooLib.Tests [net6.0]) | 0.13.7 |

Transitive Packages

| Package | Latest | Vulnerable | Deprecated |
|---|---|---|---|
| Newtonsoft.Json 9.0.1 (BarApp.Tests [net6.0]; FooLib.Tests [net6.0]) | 13.0.3 | High | |
| System.Collections.Immutable 5.0.0 (BarApp [net48, net6.0]; BarApp.Tests [net48, net6.0]; FooLib [netstandard2.0]; FooLib.Tests [net6.0]) | 7.0.0 | | Other,Legacy |
| System.Runtime.CompilerServices.Unsafe 5.0.0 (BarApp [net48, net6.0]; BarApp.Tests [net48, net6.0]; FooLib [netstandard2.0]; FooLib.Tests [net6.0]) | 6.0.0 | | Other,Legacy |
| System.Security.AccessControl 5.0.0 (BarApp [net48]; BarApp.Tests [net48]; FooLib [netstandard2.0]) | 6.0.0 | | Other,Legacy |

All Dependency Problems (4/7)

Top-level Packages

| Package | Latest | Vulnerable | Deprecated |
|---|---|---|---|
| BenchmarkDotNet 0.13.2 (FooLib [netstandard2.0]; FooLib.Tests [net6.0]) | 0.13.7 | | |
| coverlet.collector 3.1.2 (BarApp.Tests [net48, net6.0]; FooLib.Tests [net6.0]) | 6.0.0 | | |
| Microsoft.Extensions.FileSystemGlobbing 5.0.0 (BarApp [net48]) | 7.0.0 | | Other,Legacy |
| System.Text.RegularExpressions 4.3.0 (FooLib [netstandard2.0]) | 4.3.1 | High | |

Transitive Packages

| Package | Latest | Vulnerable | Deprecated |
|---|---|---|---|
| Microsoft.Extensions.FileSystemGlobbing 5.0.0 (BarApp.Tests [net48]) | 7.0.0 | | Other,Legacy |
| Newtonsoft.Json 9.0.1 (BarApp.Tests [net6.0]; FooLib.Tests [net6.0]) | 13.0.3 | High | |
| System.Collections.Immutable 5.0.0 (BarApp [net48, net6.0]; BarApp.Tests [net48, net6.0]; FooLib [netstandard2.0]; FooLib.Tests [net6.0]) | 7.0.0 | | Other,Legacy |
| System.Net.Http 4.3.0 (BarApp.Tests [net6.0]; FooLib.Tests [net6.0]) | 4.3.4 | High | |
| System.Runtime.CompilerServices.Unsafe 5.0.0 (BarApp [net48, net6.0]; BarApp.Tests [net48, net6.0]; FooLib [netstandard2.0]; FooLib.Tests [net6.0]) | 6.0.0 | | Other,Legacy |
| System.Security.AccessControl 5.0.0 (BarApp [net48]; BarApp.Tests [net48]; FooLib [netstandard2.0]) | 6.0.0 | | Other,Legacy |
| System.Text.RegularExpressions 4.3.0 (BarApp.Tests [net6.0]; FooLib.Tests [net6.0]) | 4.3.1 | High | |
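
The split between "New" and "All" problems in the example issue above, and the rule that a changed package reference triggers a fresh alert, can be modelled as a comparison between two scans. The Python below is an added illustration, not the action's own code: the `Finding` fields, the function names, and which packages an earlier run had already reported are assumptions made for this example.

```python
# Added illustration (not the action's code): report only problems that are new.
from typing import NamedTuple

class Finding(NamedTuple):
    top_level: bool      # True: top-level reference, False: transitive
    package: str
    version: str
    problem: str         # "outdated", a severity ("High"), or deprecation reasons
    projects: frozenset  # "Project [frameworks]" entries referencing the package

def finding(top_level, package, version, problem, projects):
    """Build a Finding; the ';'-separated project list is order-insensitive."""
    return Finding(top_level, package, version, problem,
                   frozenset(p.strip() for p in projects.split(";")))

def new_findings(previous, current):
    """Findings absent from the previous run. The whole tuple is compared, so a
    changed version, problem or set of referencing projects counts as new."""
    seen = set(previous)
    return [f for f in current if f not in seen]

def counts(findings):
    """(top-level, transitive) counts, the '(1/4)' in the issue headings."""
    top = sum(f.top_level for f in findings)
    return top, len(findings) - top

# Constructed sample: the packages from the example issue above. Which of them
# an earlier run had already reported (EARLIER) is assumed for illustration.
T6 = "BarApp.Tests [net6.0]; FooLib.Tests [net6.0]"
ALL = "BarApp [net48, net6.0]; BarApp.Tests [net48, net6.0]; FooLib [netstandard2.0]; FooLib.Tests [net6.0]"
CURRENT = [
    finding(True, "BenchmarkDotNet", "0.13.2", "outdated", "FooLib [netstandard2.0]; FooLib.Tests [net6.0]"),
    finding(True, "coverlet.collector", "3.1.2", "outdated", "BarApp.Tests [net48, net6.0]; FooLib.Tests [net6.0]"),
    finding(True, "Microsoft.Extensions.FileSystemGlobbing", "5.0.0", "Other,Legacy", "BarApp [net48]"),
    finding(True, "System.Text.RegularExpressions", "4.3.0", "High", "FooLib [netstandard2.0]"),
    finding(False, "Microsoft.Extensions.FileSystemGlobbing", "5.0.0", "Other,Legacy", "BarApp.Tests [net48]"),
    finding(False, "Newtonsoft.Json", "9.0.1", "High", T6),
    finding(False, "System.Collections.Immutable", "5.0.0", "Other,Legacy", ALL),
    finding(False, "System.Net.Http", "4.3.0", "High", T6),
    finding(False, "System.Runtime.CompilerServices.Unsafe", "5.0.0", "Other,Legacy", ALL),
    finding(False, "System.Security.AccessControl", "5.0.0", "Other,Legacy", "BarApp [net48]; BarApp.Tests [net48]; FooLib [netstandard2.0]"),
    finding(False, "System.Text.RegularExpressions", "4.3.0", "High", T6),
]
EARLIER = {"coverlet.collector", "Microsoft.Extensions.FileSystemGlobbing",
           "System.Net.Http", "System.Text.RegularExpressions"}
PREVIOUS = [f for f in CURRENT if f.package in EARLIER]
```

With this sample, `counts(new_findings(PREVIOUS, CURRENT))` and `counts(CURRENT)` reproduce the `(1/4)` and `(4/7)` figures in the issue headings, and an empty result from `new_findings` means no new alert is due.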