From 02cb1475adef4765b0426fd26c639f8cef0c6a9b Mon Sep 17 00:00:00 2001
From: josspo <31305886+josspo@users.noreply.github.com>
Date: Tue, 12 Dec 2023 11:40:43 -0300
Subject: [PATCH] Create CVE Scanning (#80)
---
.cve/allow-list.xml | 3 +++
.github/workflows/cve-scanning.yml | 38 +++++++++++++++++++++++++++++
src/Examples/WpfFdc3/WpfFdc3.csproj | 1 +
3 files changed, 42 insertions(+)
create mode 100644 .cve/allow-list.xml
create mode 100644 .github/workflows/cve-scanning.yml
diff --git a/.cve/allow-list.xml b/.cve/allow-list.xml
new file mode 100644
index 0000000..fbf9371
--- /dev/null
+++ b/.cve/allow-list.xml
@@ -0,0 +1,3 @@
+
+
+
diff --git a/.github/workflows/cve-scanning.yml b/.github/workflows/cve-scanning.yml
new file mode 100644
index 0000000..9ef41e8
--- /dev/null
+++ b/.github/workflows/cve-scanning.yml
@@ -0,0 +1,38 @@
+name: CVE Scanning
+
+on:
+ push:
+
+jobs:
+ dotnet-modules-scan:
+ name: dotnet-scan
+ runs-on: ubuntu-latest
+ continue-on-error: false
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Build project with dotnet
+ run: dotnet build --configuration Release
+ working-directory: 'src'
+ - name: List vulnerable libraries
+ run: dotnet list package --vulnerable --include-transitive
+ working-directory: 'src'
+ - name: Depcheck
+ uses: dependency-check/Dependency-Check_Action@1b5d19fd4a32ff0ff982e8c9d8e27dbf7ac8a46c
+ id: Depcheck
+ with:
+ project: '.'
+ path: '.'
+ format: 'HTML'
+ out: 'reports'
+ args: >
+ --suppression .cve/allow-list.xml
+ --failOnCVSS 7
+ --enableRetired
+ - name: Upload Test results
+ if: ${{ always() }}
+ uses: actions/upload-artifact@v3
+ with:
+ name: Depcheck report
+ path: ${{ github.workspace }}/reports
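Review bot: The `List vulnerable libraries` step is report-only: `dotnet list package --vulnerable --include-transitive` prints its findings but, as far as I know, still exits 0 when vulnerable packages are listed, so the only gate in this job is Depcheck's `--failOnCVSS 7`, and anything scored below 7 passes silently. Either say so in a comment on that step, e.g. `# informational only; the job is gated by Depcheck --failOnCVSS below`, or capture the command's output and fail the step when it reports a vulnerable package. The workflow also declares no `permissions:` block, so the job token gets the repository default; a top-level `permissions:` with `contents: read` should be enough for checkout, build and artifact upload. `actions/checkout@v3` and `actions/upload-artifact@v3` are referenced by mutable tag while the Depcheck action is pinned to a commit SHA; pinning all three the same way keeps the scanner's own supply chain consistent. With `on: push` as the only trigger, newly published CVEs are not picked up until someone pushes, which a `schedule:` trigger would cover.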
diff --git a/src/Examples/WpfFdc3/WpfFdc3.csproj b/src/Examples/WpfFdc3/WpfFdc3.csproj
index 5421697..d602e40 100644
--- a/src/Examples/WpfFdc3/WpfFdc3.csproj
+++ b/src/Examples/WpfFdc3/WpfFdc3.csproj
@@ -5,6 +5,7 @@
net6.0-windows
enable
true
+ true