Change CI dotnet-version from 8.x to 10.0.x to match the project's net10.0 target framework (security.yml already used 10.0.x). Add concurrency groups and permissions: contents: read to both workflows. Co-Authored-By: Svrnty Inc. <eng@svrnty.com>
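# Dependency vulnerability scan for the .NET solution.
# Runs on pushes and pull requests targeting JP, plus a weekly schedule so
# newly published advisories are picked up even when the code is unchanged.
name: Security

on:
  push:
    branches: [JP]
  pull_request:
    branches: [JP]
  schedule:
    - cron: "0 6 * * 1" # Weekly on Monday at 06:00 UTC

# Pull-request runs are grouped by PR number, so a new push to the PR cancels
# the superseded run. Push and scheduled runs are grouped by commit SHA, so
# only a duplicate run for the same commit is cancelled.
concurrency:
  group: security-${{ github.event.pull_request.number || github.sha }}
  cancel-in-progress: true

# Least privilege: the job only reads the repository.
permissions:
  contents: read

jobs:
  vulnerability-scan:
    name: .NET vulnerability scan
    runs-on: ubuntu-latest

    steps:
      # NOTE(review): version tags are mutable; consider pinning both actions
      # to a full commit SHA once the reviewed revisions are chosen.
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # the checked-out repository's git config.
          persist-credentials: false

      - uses: actions/setup-dotnet@v4
        with:
          dotnet-version: "10.0.x"

      - name: Restore dependencies
        run: dotnet restore

      # `dotnet list package --vulnerable` prints its findings and has
      # historically exited 0 even when advisories are listed, which would
      # leave this job green on a vulnerable dependency. The report is
      # therefore captured and the step fails when it names any package.
      - name: Check for vulnerable packages
        env:
          # Keep the CLI output in English so the text match below is stable.
          DOTNET_CLI_UI_LANGUAGE: en
        run: |
          set -euo pipefail
          report="$RUNNER_TEMP/vulnerable-packages.log"
          dotnet list package --vulnerable --include-transitive 2>&1 | tee "$report"
          if grep -q 'has the following vulnerable packages' "$report"; then
            echo '::error::Vulnerable NuGet packages detected; see the report above.'
            exit 1
          fi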