I can find most vulnerable packages using dotnet list package --vulnerable
but to put that in a build step and fail the build would require some text parsing. Is there some easier way, such as a webservice that returns the same information in JSON where it would be easier to determine whether the returned data indicates a vulnerability?
↧
How can I fail a .NET build if a project references a NuGet package with known vulnerabilities
↧