Add Scan for Vulnerable Dependencies (#4082)

cschuchardt88 · Wi1l-B0t · web-flow · commit a3eeb56aaa42 · 2025-07-22T12:45:18.000-03:00
* Add Scan for Vulnerable Dependencies * fix workflow * Add dependabot * Added @vncoelho suggestions * Added dotnet restore --------- Co-authored-by: Will <201105916+Wi1l-B0t@users.noreply.github.com>
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -31,6 +31,27 @@ jobs:
     - name: Check Format (*.cs)
       run: dotnet format --verify-no-changes --verbosity diagnostic
 
+  Check-Vulnerable:
+    name: Scan for Vulnerable Dependencies
+    needs: [Format]
+    timeout-minutes: 15
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4.2.2
+
+    - name: Setup .NET
+      uses: actions/setup-dotnet@v4.3.1
+      with:
+        dotnet-version: ${{ env.DOTNET_VERSION }}
+
+    - name: Restore
+      run: dotnet restore
+
+    - name: Scan for Vulnerable Dependencies
+      run: dotnet list package --vulnerable --include-transitive
+
   Test-Everything:
     needs: [Format]
     timeout-minutes: 15
